libbinder: Parcel: grow rejects large data pos am: 0db4fce am: 788803b am: 009229d am: abfcdc8 am: e95795f am: 9180d6f

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/29918554

Change-Id: I627006e49f6d05424a163a571d92e615a61a82f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

Author: Steven Moreland

libs/binder/Parcel.cpp

@@ -2775,6 +2775,14 @@ status_t Parcel::growData(size_t len)
         return BAD_VALUE;
     }
 
+    if (mDataPos > mDataSize) {
+        // b/370831157 - this case used to abort. We also don't expect mDataPos < mDataSize, but
+        // this would only waste a bit of memory, so it's okay.
+        ALOGE("growData only expected at the end of a Parcel. pos: %zu, size: %zu, capacity: %zu",
+              mDataPos, len, mDataCapacity);
+        return BAD_VALUE;
+    }
+
     if (len > SIZE_MAX - mDataSize) return NO_MEMORY; // overflow
     if (mDataSize + len > SIZE_MAX / 3) return NO_MEMORY; // overflow
     size_t newSize = ((mDataSize+len)*3)/2;