@@ -1090,6 +1090,10 @@ void* Parcel::writeInplace(size_t len)
10901090 // printf("Writing %ld bytes, padded to %ld\n", len, padded);
10911091 uint8_t * const data = mData +mDataPos ;
10921092
1093+ if (status_t status = validateReadData (mDataPos + padded); status != OK) {
1094+ return nullptr ; // drops status
1095+ }
1096+
10931097 // Need to pad at end?
10941098 if (padded != len) {
10951099#if BYTE_ORDER == BIG_ENDIAN
@@ -1648,6 +1652,10 @@ status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData)
16481652 const bool enoughObjects = kernelFields->mObjectsSize < kernelFields->mObjectsCapacity ;
16491653 if (enoughData && enoughObjects) {
16501654restart_write:
1655+ if (status_t status = validateReadData (mDataPos + sizeof (val)); status != OK) {
1656+ return status;
1657+ }
1658+
16511659 *reinterpret_cast <flat_binder_object*>(mData +mDataPos ) = val;
16521660
16531661 // remember if it's a file descriptor
@@ -1889,6 +1897,10 @@ status_t Parcel::writeAligned(T val) {
18891897
18901898 if ((mDataPos +sizeof (val)) <= mDataCapacity ) {
18911899restart_write:
1900+ if (status_t status = validateReadData (mDataPos + sizeof (val)); status != OK) {
1901+ return status;
1902+ }
1903+
18921904 memcpy (mData + mDataPos , &val, sizeof (val));
18931905 return finishWrite (sizeof (val));
18941906 }
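Review bot: The guard added to writeInplace returns `nullptr` and discards `status` (the `// drops status` line), so a caller cannot tell a write refused by validateReadData from any other failure, and nothing is logged. Since the return type cannot carry the status, log it before returning, e.g. `ALOGE("writeInplace: validateReadData failed, status %d", status);`. The same three-line guard is repeated in writeObject and writeAligned, and none of the three says why a read validator runs on a write path; a one-line comment such as `// Reject a write whose range validateReadData refuses, before touching mData.` would help, worded after confirming what validateReadData checks, since its body is not shown here. In writeObject and writeAligned the guard sits under `restart_write:`, so it presumably also runs after the buffer has been grown; checking before the grow would avoid resizing for a write that is then rejected, though that code lies outside these hunks.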