libbinder: fix buffer free race

Well, so the race is:
- client sends a large transaction (buffer A)
- server processes result
- server sends reply (1)
- client gets reply
- client sends another large transaction (buffer B)
- transaction fails, not enough space
- server frees buffer A (2)

This CL moves (2) to happen before (1). We set the Parcel size
to 0, which has the effect of freeing data, before the destructor
runs.

Test: binderLibTest
Test: binderLibTest --gtest_filter="*Garg*" --gtest_repeat=1000 --gtest_break_on_failure
Fixes: 238777741
Change-Id: Ic223a98c55904bb3f77ca13729cdf24a992cef1e

0 files changed, 0 insertions, 0 deletions