Skip to content

Commit abfcdc8

Browse files
Steven Morelandandroid-build-merge-worker-robot
Steven Moreland
authored and
android-build-merge-worker-robot
committed
libbinder: Parcel: grow rejects large data pos am: 0db4fce am: 788803b am: 009229d
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/29918554 Change-Id: I502d467d75120352933989891c52f4af3997ad54 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2 parents 4cc5459 + 009229d commit abfcdc8

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

libs/binder/Parcel.cpp

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2370,6 +2370,14 @@ status_t Parcel::growData(size_t len)
23702370
return BAD_VALUE;
23712371
}
23722372

2373+
if (mDataPos > mDataSize) {
2374+
// b/370831157 - this case used to abort. We also don't expect mDataPos < mDataSize, but
2375+
// this would only waste a bit of memory, so it's okay.
2376+
ALOGE("growData only expected at the end of a Parcel. pos: %zu, size: %zu, capacity: %zu",
2377+
mDataPos, len, mDataCapacity);
2378+
return BAD_VALUE;
2379+
}
2380+
23732381
if (len > SIZE_MAX - mDataSize) return NO_MEMORY; // overflow
23742382
if (mDataSize + len > SIZE_MAX / 3) return NO_MEMORY; // overflow
23752383
size_t newSize = ((mDataSize+len)*3)/2;

0 commit comments

Comments
 (0)