From 93ff1f985e233fe04412a65041e977c9f0c21f5b Mon Sep 17 00:00:00 2001 From: Jeff Brown Date: Fri, 4 Nov 2011 19:01:44 -0700 Subject: Fix a leak in Parcel::writeBlob. Was mistakenly assuming that Parcel::writeFileDescriptor took ownership of the fd that was passed in. It does not! Added some comments and a default parameter to allow the caller to specify whether it wishes the Parcel to take ownership. Bug: 5563374 Change-Id: I5a12f51d582bf246ce90133cce7690bb9bca93f6 --- libs/binder/Parcel.cpp | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'libs/binder/Parcel.cpp') diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index c7180ce..6b4c1a6 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -710,24 +710,19 @@ status_t Parcel::writeNativeHandle(const native_handle* handle) return err; } -status_t Parcel::writeFileDescriptor(int fd) +status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership) { flat_binder_object obj; obj.type = BINDER_TYPE_FD; obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; obj.handle = fd; - obj.cookie = (void*)0; + obj.cookie = (void*) (takeOwnership ? 1 : 0); return writeObject(obj, true); } status_t Parcel::writeDupFileDescriptor(int fd) { - flat_binder_object obj; - obj.type = BINDER_TYPE_FD; - obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; - obj.handle = dup(fd); - obj.cookie = (void*)1; - return writeObject(obj, true); + return writeFileDescriptor(dup(fd), true /*takeOwnership*/); } status_t Parcel::writeBlob(size_t len, WritableBlob* outBlob) @@ -764,7 +759,7 @@ status_t Parcel::writeBlob(size_t len, WritableBlob* outBlob) } else { status = writeInt32(1); if (!status) { - status = writeFileDescriptor(fd); + status = writeFileDescriptor(fd, true /*takeOwnership*/); if (!status) { outBlob->init(true /*mapped*/, ptr, len); return NO_ERROR; -- cgit v1.1