diff options
author | Marco Nelissen <marcone@google.com> | 2016-04-26 08:44:09 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-05-26 15:19:53 -0700 |
commit | dd2ce3e0509deeeb3344f047d09b8661b360a968 (patch) | |
tree | fb03ba563c5cb89e76c9be1c358d59939b680eee | |
parent | 433616eda147bb7e557796b4e02795946ff2478b (diff) | |
download | native-android-cts-5.1_r19.tar.gz |
Correctly handle dup() failure in Parcel::readNativeHandleandroid-cts-5.1_r28android-cts-5.1_r27android-cts-5.1_r26android-cts-5.1_r25android-cts-5.1_r24android-cts-5.1_r23android-cts-5.1_r22android-cts-5.1_r21android-cts-5.1_r20android-cts-5.1_r19android-cts-5.1_r18android-cts-5.1_r17android-cts-5.1_r16android-cts-5.1_r15android-cts-5.1_r14android-cts-5.1_r13android-5.1.1_r38lollipop-mr1-releaselollipop-mr1-cts-release
bail out if dup() fails, instead of creating an invalid native_handle_t
Bug: 28395952
Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
-rw-r--r-- | libs/binder/Parcel.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 87ce5d076e..ba7ccfc023 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -1221,7 +1221,13 @@ native_handle* Parcel::readNativeHandle() const for (int i=0 ; err==NO_ERROR && i<numFds ; i++) { h->data[i] = dup(readFileDescriptor()); - if (h->data[i] < 0) err = BAD_VALUE; + if (h->data[i] < 0) { + for (int j = 0; j < i; j++) { + close(h->data[j]); + } + native_handle_delete(h); + return 0; + } } err = read(h->data + numFds, sizeof(int)*numInts); if (err != NO_ERROR) { |