Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-20 10:11:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
add30db605
DivestOS/Patches/LineageOS-11.0/android_frameworks_native/256319.patch

38 lines
1.3 KiB
Diff
Raw Blame History

From 8abbfba105c0d394b10a6f9d2fcc1a6441a8b0ca Mon Sep 17 00:00:00 2001
From: Michael Wachenschwanz <mwachens@google.com>
Date: Mon, 3 Jun 2019 17:24:51 -0700
Subject: [PATCH] Free mObjects if no objects left to realloc on resize
Fixes: 134168436
Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree
Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710
---
libs/binder/Parcel.cpp | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 2ca4170c7d..4d13767a2b 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1647,10 +1647,16 @@ status_t Parcel::continueWrite(size_t desired)
}
release_object(proc, *flat, this);
}
- size_t* objects =
- (size_t*)realloc(mObjects, objectsSize*sizeof(size_t));
- if (objects) {
- mObjects = objects;
+
+ if (objectsSize == 0) {
+ free(mObjects);
+ mObjects = NULL;
+ } else {
+ size_t* objects =
+ (size_t*)realloc(mObjects, objectsSize*sizeof(size_t));
+ if (objects) {
+ mObjects = objects;
+ }
}
mObjectsSize = objectsSize;
mNextObjectHint = 0;
Reference in New Issue View Git Blame Copy Permalink