Verify that the native handle was created

The inputs to native_handle_create can cause an overflowed allocation, so check the return value of native_handle_create before accessing the memory it returns. Bug:19334482 Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2 (cherry picked from commit eaac99a7172da52a76ba48c26413778a74951b1a)
author: Adam Lesinski <adamlesinski@google.com> 2015-05-12 17:35:48 -0700
committer: Zach Riggle <riggle@google.com> 2015-05-13 17:16:00 +0000
commit: 4ff0cb4404db31576cd8a81ca5ef3b044d492904 (patch)
tree: 0621ed7ac036838244c95cdfdd463c889bac35b6 /libs/binder/Parcel.cpp
parent: da9fd70de125b0e6df4fb6285f538be9133c7b22 (diff)
download: frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.zip
frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.tar.gz
frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index db9e0a1..e5a2871 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1144,6 +1144,10 @@ native_handle* Parcel::readNativeHandle() const
     if (err != NO_ERROR) return 0;
 
     native_handle* h = native_handle_create(numFds, numInts);
+    if (!h) {
+        return 0;
+    }
+
     for (int i=0 ; err==NO_ERROR && i<numFds ; i++) {
         h->data[i] = dup(readFileDescriptor());
         if (h->data[i] < 0) err = BAD_VALUE;
author	Adam Lesinski <adamlesinski@google.com>	2015-05-12 17:35:48 -0700
committer	Zach Riggle <riggle@google.com>	2015-05-13 17:16:00 +0000
commit	4ff0cb4404db31576cd8a81ca5ef3b044d492904 (patch)
tree	0621ed7ac036838244c95cdfdd463c889bac35b6 /libs/binder/Parcel.cpp
parent	da9fd70de125b0e6df4fb6285f538be9133c7b22 (diff)
download	frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.zip frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.tar.gz frameworks_native-4ff0cb4404db31576cd8a81ca5ef3b044d492904.tar.bz2