diff options
| author | Arve Hjønnevåg <arve@android.com> | 2014-02-18 21:10:29 -0800 |
|---|---|---|
| committer | Arve Hjønnevåg <arve@android.com> | 2014-02-18 21:14:41 -0800 |
| commit | 07fd0f195db6d341cab4e54257f508d802c98832 (patch) | |
| tree | 452ae075c4dc93a9a2d99d316d627bb4171ab2cf | |
| parent | 87b30d0447829167b2d83f4f61f702638d937524 (diff) | |
| download | frameworks_native-07fd0f195db6d341cab4e54257f508d802c98832.zip frameworks_native-07fd0f195db6d341cab4e54257f508d802c98832.tar.gz frameworks_native-07fd0f195db6d341cab4e54257f508d802c98832.tar.bz2 | |
Binder: Fix some valgrind errors.
When using 64 bit binder pointers, only initializing the 32 bit
handle, in a stack allocated struct, will pass uninitialized stack
data to the kernel and other processes.
Change-Id: I3432d9d36bb251d8ddb0a863661aeb80aabb3d92
| -rw-r--r-- | libs/binder/IPCThreadState.cpp | 1 | ||||
| -rw-r--r-- | libs/binder/Parcel.cpp | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp index 65329f5..35dba12 100644 --- a/libs/binder/IPCThreadState.cpp +++ b/libs/binder/IPCThreadState.cpp @@ -904,6 +904,7 @@ status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, { binder_transaction_data tr; + tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */ tr.target.handle = handle; tr.code = code; tr.flags = binderFlags; diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 03bcf01..9f56def 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -164,6 +164,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/, } const int32_t handle = proxy ? proxy->handle() : 0; obj.type = BINDER_TYPE_HANDLE; + obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ obj.handle = handle; obj.cookie = 0; } else { @@ -197,6 +198,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/, } const int32_t handle = proxy ? proxy->handle() : 0; obj.type = BINDER_TYPE_WEAK_HANDLE; + obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ obj.handle = handle; obj.cookie = 0; } else { @@ -748,6 +750,7 @@ status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership) flat_binder_object obj; obj.type = BINDER_TYPE_FD; obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; + obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ obj.handle = fd; obj.cookie = takeOwnership ? 1 : 0; return writeObject(obj, true); |