summaryrefslogtreecommitdiff
path: root/libs/binder
diff options
context:
space:
mode:
Diffstat (limited to 'libs/binder')
-rw-r--r--libs/binder/Parcel.cpp2
-rw-r--r--libs/binder/tests/binderParcelUnitTest.cpp11
2 files changed, 12 insertions, 1 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 777c22a63e..2c37624304 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -542,7 +542,7 @@ status_t Parcel::appendFrom(const Parcel* parcel, size_t offset, size_t len) {
return BAD_VALUE;
}
- if ((mDataSize+len) > mDataCapacity) {
+ if ((mDataPos + len) > mDataCapacity) {
// grow data
err = growData(len);
if (err != NO_ERROR) {
diff --git a/libs/binder/tests/binderParcelUnitTest.cpp b/libs/binder/tests/binderParcelUnitTest.cpp
index 6259d9d2d2..a71da3f384 100644
--- a/libs/binder/tests/binderParcelUnitTest.cpp
+++ b/libs/binder/tests/binderParcelUnitTest.cpp
@@ -197,6 +197,17 @@ TEST(Parcel, AppendPlainDataPartial) {
ASSERT_EQ(2, p2.readInt32());
}
+TEST(Parcel, AppendWithBadDataPos) {
+ Parcel p1;
+ p1.writeInt32(1);
+ p1.writeInt32(1);
+ Parcel p2;
+ p2.setDataCapacity(8);
+ p2.setDataPosition(10000);
+
+ EXPECT_EQ(android::BAD_VALUE, p2.appendFrom(&p1, 0, 8));
+}
+
TEST(Parcel, HasBinders) {
sp<IBinder> b1 = sp<BBinder>::make();
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-19 14:33:22 +0000