From 0beb956917b34471e5709a6ce2ab47d83011b1e6 Mon Sep 17 00:00:00 2001
From: Pawan Wagh
Date: Fri, 20 Jan 2023 19:11:39 +0000
Subject: Check for null data buffer in AParcel_marshal
Test: m binder_parcel_fuzzer && out/host/linux-x86/fuzz/x86_64/binder_parcel_fuzzer/binder_parcel_fuzzer
Bug: 265412053
Change-Id: I2f2b9b82ef1f86ba046deffba6d719c1be433ab5
---
 libs/binder/ndk/parcel.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libs/binder/ndk/parcel.cpp b/libs/binder/ndk/parcel.cpp
index 86930229ce..94f72d96f6 100644
--- a/libs/binder/ndk/parcel.cpp
+++ b/libs/binder/ndk/parcel.cpp
@@ -700,6 +700,9 @@ binder_status_t AParcel_marshal(const AParcel* parcel, uint8_t* buffer, size_t s
 return STATUS_BAD_VALUE;
 }
 const uint8_t* internalBuffer = parcel->get()->data();
+ if (internalBuffer == nullptr) {
+ return STATUS_UNEXPECTED_NULL;
+ }
 memcpy(buffer, internalBuffer + start, len);
 return STATUS_OK;
 }
--
cgit v1.2.3-59-g8ed1b
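Review bot: The new guard in AParcel_marshal covers only the source pointer; the caller-supplied `buffer` still reaches `memcpy(buffer, internalBuffer + start, len)` unchecked in the lines visible here, so a null destination with a non-zero `len` would fault in the same call. If no earlier check exists, consider adding `if (buffer == nullptr && len != 0) return STATUS_UNEXPECTED_NULL;` next to the new test. Separately, a parcel whose `data()` is null and that is marshalled with `len == 0` presumably now returns STATUS_UNEXPECTED_NULL rather than succeeding as a no-op; a one-line comment above the guard stating when `data()` can be null, and which status callers should expect in that case, would make the contract explicit. The function's opening and its range check sit outside this hunk, so both points need confirming against the full body.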