Check for null data buffer in AParcel_marshal

Test: m binder_parcel_fuzzer && out/host/linux-x86/fuzz/x86_64/binder_parcel_fuzzer/binder_parcel_fuzzer Bug: 265412053 Change-Id: I2f2b9b82ef1f86ba046deffba6d719c1be433ab5
author: Pawan Wagh <waghpawan@google.com> 2023-01-20 19:11:39 +0000
committer: Pawan Wagh <waghpawan@google.com> 2023-01-20 20:55:10 +0000
commit: 0beb956917b34471e5709a6ce2ab47d83011b1e6 (patch)
tree: 2f9a70362c60ae840417468d7591a805055834ad
parent: a754657354c4d3889b19bcaeac13802ba00674e7 (diff)
download: native-0beb956917b34471e5709a6ce2ab47d83011b1e6.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libs/binder/ndk/parcel.cpp b/libs/binder/ndk/parcel.cpp
index 86930229ce..94f72d96f6 100644
--- a/libs/binder/ndk/parcel.cpp
+++ b/libs/binder/ndk/parcel.cpp
@@ -700,6 +700,9 @@ binder_status_t AParcel_marshal(const AParcel* parcel, uint8_t* buffer, size_t s
         return STATUS_BAD_VALUE;
     }
     const uint8_t* internalBuffer = parcel->get()->data();
+    if (internalBuffer == nullptr) {
+        return STATUS_UNEXPECTED_NULL;
+    }
     memcpy(buffer, internalBuffer + start, len);
     return STATUS_OK;
 }
author	Pawan Wagh <waghpawan@google.com>	2023-01-20 19:11:39 +0000
committer	Pawan Wagh <waghpawan@google.com>	2023-01-20 20:55:10 +0000
commit	0beb956917b34471e5709a6ce2ab47d83011b1e6 (patch)
tree	2f9a70362c60ae840417468d7591a805055834ad
parent	a754657354c4d3889b19bcaeac13802ba00674e7 (diff)
download	native-0beb956917b34471e5709a6ce2ab47d83011b1e6.tar.gz