diff options
author | Michael Wachenschwanz <mwachens@google.com> | 2019-05-15 22:58:15 -0700 |
---|---|---|
committer | Nikoli Cartagena <dargeren@google.com> | 2019-06-10 13:59:57 -0700 |
commit | d45487d08a8e0a99943ba4770f2525d77edf9379 (patch) | |
tree | c23ce509df095c6b8f4068c6438c2990cbbb3550 | |
parent | 39993ff17f4d858ffe2621f2d89d8537bfa33591 (diff) | |
download | base-d45487d08a8e0a99943ba4770f2525d77edf9379.tar.gz |
Clear the Parcel before writing an exception during a transactionandroid-8.1.0_r66
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Bug: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
(cherry picked from commit f8ef5bcf21c87d8617f5e11810cc94350298d114)
-rw-r--r-- | core/java/android/os/Binder.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java index 0df6361d4224..3aeafab2fb30 100644 --- a/core/java/android/os/Binder.java +++ b/core/java/android/os/Binder.java @@ -706,6 +706,8 @@ public class Binder implements IBinder { Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e); } } else { + // Clear the parcel before writing the exception + reply.setDataSize(0); reply.setDataPosition(0); reply.writeException(e); } |