diff options
| author | Marco Nelissen <marcone@google.com> | 2016-04-26 08:44:09 -0700 |
|---|---|---|
| committer | The Android Automerger <android-build@google.com> | 2016-06-01 16:10:17 -0700 |
| commit | d1a8dc7fc5f993e424d4bd574671be25a4f02f2f (patch) | |
| tree | 448d7742f6d63489b50d996cf75916811f93081f | |
| parent | 77061438707bf0bef40adb283a3f74358b84bd0c (diff) | |
| download | native-d1a8dc7fc5f993e424d4bd574671be25a4f02f2f.tar.gz | |
Correctly handle dup() failure in Parcel::readNativeHandleandroid-6.0.1_r55
bail out if dup() fails, instead of creating an invalid native_handle_t
Bug: 28395952
Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
(cherry picked from commit 1de7966c72981aebc3c7f9978ab129678ac89258)
| -rw-r--r-- | libs/binder/Parcel.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 22d7ef36c3..4a660d1fbe 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -1377,7 +1377,13 @@ native_handle* Parcel::readNativeHandle() const for (int i=0 ; err==NO_ERROR && i<numFds ; i++) { h->data[i] = dup(readFileDescriptor()); - if (h->data[i] < 0) err = BAD_VALUE; + if (h->data[i] < 0) { + for (int j = 0; j < i; j++) { + close(h->data[j]); + } + native_handle_delete(h); + return 0; + } } err = read(h->data + numFds, sizeof(int)*numInts); if (err != NO_ERROR) { |