mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-15 22:12:24 +00:00
31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
From 119329bdfbebf3826859000472afbcdb50ad96d8 Mon Sep 17 00:00:00 2001
|
|
From: Michael Wachenschwanz <mwachens@google.com>
|
|
Date: Wed, 15 May 2019 22:58:15 -0700
|
|
Subject: [PATCH] Clear the Parcel before writing an exception during a
|
|
transaction
|
|
|
|
This prevents any object data from being accidentally overwritten by the
|
|
exception, which could cause unexpected malformed objects to be sent
|
|
across the transaction.
|
|
|
|
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
|
|
Fixes: 34175893
|
|
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
|
|
---
|
|
core/java/android/os/Binder.java | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
|
|
index f4a83910e652..cd0e5ea76551 100644
|
|
--- a/core/java/android/os/Binder.java
|
|
+++ b/core/java/android/os/Binder.java
|
|
@@ -413,6 +413,8 @@ private boolean execTransact(int code, int dataObj, int replyObj,
|
|
if ((flags & FLAG_ONEWAY) != 0) {
|
|
Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
|
|
}
|
|
+ // Clear the parcel before writing the exception
|
|
+ reply.setDataSize(0);
|
|
reply.setDataPosition(0);
|
|
reply.writeException(e);
|
|
res = true;
|