frameworks-native: Commit

frameworks/native


Commit MetaInfo

Révisionab1fb955acc8bbe6b9086a4ab54beab003a887a9 (tree)
l'heure2018-05-26 03:40:47
AuteurMichael Wachenschwanz <mwachens@goog...>
Commiterandroid-build-team Robot

Message de Log

Increment when attempting to read protected Parcel Data

Make sure to increment the parcel data position even when trying to
improperly read from protected data

Bug: 29833520

Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtection
Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtectionIncrements
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtection
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtectionIncrements

Change-Id: Ie4aae6277fc5f5c924f603d9828c3a608998b986
Merged-In: Ie4aae6277fc5f5c924f603d9828c3a608998b986
(cherry picked from commit 6a825e8ad1a3928dd872bb7c3fbcd94784d77267)

Change Summary

Modification

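--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1535,7 +1535,12 @@ status_t Parcel::read(void* outData, size_t len) const
 && len <= pad_size(len)) {
 if (mObjectsSize > 0) {
 status_t err = validateReadData(mDataPos + pad_size(len));
- if(err != NO_ERROR) return err;
+ if(err != NO_ERROR) {
+ // Still increment the data position by the expected length
+ mDataPos += pad_size(len);
+ ALOGV("read Setting data pos of %p to %zu", this, mDataPos);
+ return err;
+ }
 }
 memcpy(outData, mData+mDataPos, len);
 mDataPos += pad_size(len);
@@ -1557,7 +1562,12 @@ const void* Parcel::readInplace(size_t len) const
 && len <= pad_size(len)) {
 if (mObjectsSize > 0) {
 status_t err = validateReadData(mDataPos + pad_size(len));
- if(err != NO_ERROR) return NULL;
+ if(err != NO_ERROR) {
+ // Still increment the data position by the expected length
+ mDataPos += pad_size(len);
+ ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos);
+ return NULL;
+ }
 }
 
 const void* data = mData+mDataPos;
@@ -1575,7 +1585,11 @@ status_t Parcel::readAligned(T *pArg) const {
 if ((mDataPos+sizeof(T)) <= mDataSize) {
 if (mObjectsSize > 0) {
 status_t err = validateReadData(mDataPos + sizeof(T));
- if(err != NO_ERROR) return err;
+ if(err != NO_ERROR) {
+ // Still increment the data position by the expected length
+ mDataPos += sizeof(T);
+ return err;
+ }
 }
 
 const void* data = mData+mDataPos;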
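Review bot: In all three hunks the new failure branch advances `mDataPos` while the caller's output (`outData` in `read`, `*pArg` in `readAligned`) stays unwritten, and the added comment restates the line rather than giving the reason. A comment such as `// Skip the rejected range so later reads stay in step with the parcel layout; the output is not written, callers must check the status` would record the contract, assuming that is the intent behind the commit message. The advance is only safe because each branch sits inside the enclosing bounds check (`(mDataPos+sizeof(T)) <= mDataSize` in `readAligned`; only the tail of the condition is visible for `read` and `readInplace`), which is worth stating next to it. `readAligned` also omits the `ALOGV` that the other two branches add, so a rejected aligned read leaves no trace in verbose logs. All three function bodies start and end outside the hunks shown.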