Loading libs/binder/rust/src/parcel.rs +40 −0 Original line number Diff line number Diff line Loading @@ -723,6 +723,8 @@ fn test_read_write() { parcel.write(&1i32).unwrap(); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { parcel.set_data_position(start).unwrap(); } Loading @@ -739,6 +741,8 @@ fn test_read_data() { parcel.write(&b"Hello, Binder!\0"[..]).unwrap(); // Skip over string length // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(str_start).is_ok()); } Loading @@ -747,42 +751,56 @@ fn test_read_data() { assert!(parcel.read::<bool>().unwrap()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i8>().unwrap(), 72i8); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u16>().unwrap(), 25928); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i32>().unwrap(), 1819043144); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 1819043144); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i64>().unwrap(), 4764857262830019912); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u64>().unwrap(), 4764857262830019912); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -790,6 +808,8 @@ fn test_read_data() { assert_eq!(parcel.read::<f32>().unwrap(), 1143139100000000000000000000.0); assert_eq!(parcel.read::<f32>().unwrap(), 40.043392); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -797,6 +817,8 @@ fn test_read_data() { assert_eq!(parcel.read::<f64>().unwrap(), 34732488246.197815); // Skip back to before the string length // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(str_start).is_ok()); } Loading @@ -810,15 +832,21 @@ fn test_utf8_utf16_conversions() { let start = parcel.get_data_position(); assert!(parcel.write("Hello, Binder!").is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<Option<String>>().unwrap().unwrap(), "Hello, Binder!",); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(parcel.write("Embedded null \0 inside a string").is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -826,6 +854,8 @@ fn test_utf8_utf16_conversions() { parcel.read::<Option<String>>().unwrap().unwrap(), "Embedded null \0 inside a string", ); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -840,6 +870,8 @@ fn test_utf8_utf16_conversions() { let s3 = "Some more text here."; assert!(parcel.write(&[s1, s2, s3][..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -865,6 +897,8 @@ fn test_sized_write() { assert_eq!(parcel.get_data_position(), start + expected_len); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { parcel.set_data_position(start).unwrap(); } Loading @@ -884,6 +918,8 @@ fn test_append_from() { assert_eq!(4, parcel2.get_data_size()); assert_eq!(Ok(()), parcel2.append_all_from(&parcel1)); assert_eq!(8, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading @@ -894,6 +930,8 @@ fn test_append_from() { assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2)); assert_eq!(Ok(()), parcel2.append_from(&parcel1, 2, 2)); assert_eq!(4, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading @@ -902,6 +940,8 @@ fn test_append_from() { let mut parcel2 = Parcel::new(); assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2)); assert_eq!(2, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading libs/binder/rust/src/parcel/parcelable.rs +66 −0 Original line number Diff line number Diff line Loading @@ -1087,6 +1087,8 @@ mod tests { assert!(custom.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1109,6 +1111,8 @@ mod tests { assert!(bools.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1118,6 +1122,8 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0); assert_eq!(parcel.read::<u32>().unwrap(), 0); assert_eq!(parcel.read::<u32>().unwrap(), 1); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1133,12 +1139,17 @@ mod tests { assert!(parcel.write(&u8s[..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items assert_eq!(parcel.read::<u32>().unwrap(), 0x752aff65); // bytes // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1148,18 +1159,25 @@ mod tests { let i8s = [-128i8, 127, 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(parcel.write(&i8s[..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items assert_eq!(parcel.read::<u32>().unwrap(), 0x8b2a7f80); // bytes // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1169,10 +1187,14 @@ mod tests { let u16s = [u16::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u16s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1182,6 +1204,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345 assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1192,10 +1217,14 @@ mod tests { let i16s = [i16::max_value(), i16::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i16s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1205,6 +1234,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0x8000); // i16::min_value() assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 0xff8b); // -117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1215,10 +1247,14 @@ mod tests { let u32s = [u32::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1228,6 +1264,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345 assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1238,10 +1277,14 @@ mod tests { let i32s = [i32::max_value(), i32::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1251,6 +1294,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0x80000000); // i32::min_value() assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 0xffffff8b); // -117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1261,10 +1307,14 @@ mod tests { let u64s = [u64::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1275,10 +1325,14 @@ mod tests { let i64s = [i64::max_value(), i64::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1289,10 +1343,14 @@ mod tests { let f32s = [std::f32::NAN, std::f32::INFINITY, 1.23456789, std::f32::EPSILON]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(f32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1305,10 +1363,14 @@ mod tests { let f64s = [std::f64::NAN, std::f64::INFINITY, 1.234567890123456789, std::f64::EPSILON]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(f64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1326,10 +1388,14 @@ mod tests { let strs = [s1, s2, s3, s4]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(strs.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading libs/binder/rust/tests/integration.rs +5 −0 Original line number Diff line number Diff line Loading @@ -545,6 +545,11 @@ mod tests { } fn get_expected_selinux_context() -> &'static str { // SAFETY: The pointer we pass to `getcon` is valid because it comes from a reference, and // `getcon` doesn't retain it after it returns. If `getcon` succeeds then `out_ptr` will // point to a valid C string, otherwise it will remain null. We check for null, so the // pointer we pass to `CStr::from_ptr` must be a valid pointer to a C string. There is a // memory leak as we don't call `freecon`, but that's fine because this is just a test. unsafe { let mut out_ptr = ptr::null_mut(); assert_eq!(selinux_sys::getcon(&mut out_ptr), 0); Loading libs/binder/rust/tests/ndk_rust_interop.rs +6 −4 Original line number Diff line number Diff line Loading @@ -28,10 +28,11 @@ use std::os::raw::{c_char, c_int}; /// /// # Safety /// /// service_name must be a valid, non-null C-style string (null-terminated). /// service_name must be a valid, non-null C-style string (nul-terminated). #[no_mangle] pub unsafe extern "C" fn rust_call_ndk(service_name: *const c_char) -> c_int { let service_name = CStr::from_ptr(service_name).to_str().unwrap(); // SAFETY: Our caller promises that service_name is a valid C string. let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap(); // The Rust class descriptor pointer will not match the NDK one, but the // descriptor strings match so this needs to still associate. Loading Loading @@ -85,10 +86,11 @@ impl IBinderRustNdkInteropTest for Service { /// /// # Safety /// /// service_name must be a valid, non-null C-style string (null-terminated). /// service_name must be a valid, non-null C-style string (nul-terminated). #[no_mangle] pub unsafe extern "C" fn rust_start_service(service_name: *const c_char) -> c_int { let service_name = CStr::from_ptr(service_name).to_str().unwrap(); // SAFETY: Our caller promises that service_name is a valid C string. let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap(); let service = BnBinderRustNdkInteropTest::new_binder(Service, BinderFeatures::default()); match binder::add_service(service_name, service.as_binder()) { Ok(_) => StatusCode::OK as c_int, Loading libs/binder/rust/tests/parcel_fuzzer/parcel_fuzzer.rs +2 −2 Original line number Diff line number Diff line Loading @@ -105,9 +105,9 @@ fn do_read_fuzz(read_operations: Vec<ReadOperation>, data: &[u8]) { for operation in read_operations { match operation { ReadOperation::SetDataPosition { pos } => { unsafe { // Safety: Safe if pos is less than current size of the parcel. // It relies on C++ code for bound checks unsafe { match parcel.set_data_position(pos) { Ok(result) => result, Err(e) => println!("error occurred while setting data position: {:?}", e), Loading Loading
libs/binder/rust/src/parcel.rs +40 −0 Original line number Diff line number Diff line Loading @@ -723,6 +723,8 @@ fn test_read_write() { parcel.write(&1i32).unwrap(); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { parcel.set_data_position(start).unwrap(); } Loading @@ -739,6 +741,8 @@ fn test_read_data() { parcel.write(&b"Hello, Binder!\0"[..]).unwrap(); // Skip over string length // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(str_start).is_ok()); } Loading @@ -747,42 +751,56 @@ fn test_read_data() { assert!(parcel.read::<bool>().unwrap()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i8>().unwrap(), 72i8); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u16>().unwrap(), 25928); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i32>().unwrap(), 1819043144); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 1819043144); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<i64>().unwrap(), 4764857262830019912); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u64>().unwrap(), 4764857262830019912); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -790,6 +808,8 @@ fn test_read_data() { assert_eq!(parcel.read::<f32>().unwrap(), 1143139100000000000000000000.0); assert_eq!(parcel.read::<f32>().unwrap(), 40.043392); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -797,6 +817,8 @@ fn test_read_data() { assert_eq!(parcel.read::<f64>().unwrap(), 34732488246.197815); // Skip back to before the string length // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(str_start).is_ok()); } Loading @@ -810,15 +832,21 @@ fn test_utf8_utf16_conversions() { let start = parcel.get_data_position(); assert!(parcel.write("Hello, Binder!").is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<Option<String>>().unwrap().unwrap(), "Hello, Binder!",); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(parcel.write("Embedded null \0 inside a string").is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -826,6 +854,8 @@ fn test_utf8_utf16_conversions() { parcel.read::<Option<String>>().unwrap().unwrap(), "Embedded null \0 inside a string", ); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -840,6 +870,8 @@ fn test_utf8_utf16_conversions() { let s3 = "Some more text here."; assert!(parcel.write(&[s1, s2, s3][..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -865,6 +897,8 @@ fn test_sized_write() { assert_eq!(parcel.get_data_position(), start + expected_len); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { parcel.set_data_position(start).unwrap(); } Loading @@ -884,6 +918,8 @@ fn test_append_from() { assert_eq!(4, parcel2.get_data_size()); assert_eq!(Ok(()), parcel2.append_all_from(&parcel1)); assert_eq!(8, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading @@ -894,6 +930,8 @@ fn test_append_from() { assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2)); assert_eq!(Ok(()), parcel2.append_from(&parcel1, 2, 2)); assert_eq!(4, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading @@ -902,6 +940,8 @@ fn test_append_from() { let mut parcel2 = Parcel::new(); assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2)); assert_eq!(2, parcel2.get_data_size()); // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not // empty. unsafe { parcel2.set_data_position(0).unwrap(); } Loading
libs/binder/rust/src/parcel/parcelable.rs +66 −0 Original line number Diff line number Diff line Loading @@ -1087,6 +1087,8 @@ mod tests { assert!(custom.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1109,6 +1111,8 @@ mod tests { assert!(bools.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1118,6 +1122,8 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0); assert_eq!(parcel.read::<u32>().unwrap(), 0); assert_eq!(parcel.read::<u32>().unwrap(), 1); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1133,12 +1139,17 @@ mod tests { assert!(parcel.write(&u8s[..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items assert_eq!(parcel.read::<u32>().unwrap(), 0x752aff65); // bytes // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1148,18 +1159,25 @@ mod tests { let i8s = [-128i8, 127, 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(parcel.write(&i8s[..]).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items assert_eq!(parcel.read::<u32>().unwrap(), 0x8b2a7f80); // bytes // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1169,10 +1187,14 @@ mod tests { let u16s = [u16::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u16s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1182,6 +1204,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345 assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1192,10 +1217,14 @@ mod tests { let i16s = [i16::max_value(), i16::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i16s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1205,6 +1234,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0x8000); // i16::min_value() assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 0xff8b); // -117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1215,10 +1247,14 @@ mod tests { let u32s = [u32::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1228,6 +1264,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345 assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1238,10 +1277,14 @@ mod tests { let i32s = [i32::max_value(), i32::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1251,6 +1294,9 @@ mod tests { assert_eq!(parcel.read::<u32>().unwrap(), 0x80000000); // i32::min_value() assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42 assert_eq!(parcel.read::<u32>().unwrap(), 0xffffff8b); // -117 // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1261,10 +1307,14 @@ mod tests { let u64s = [u64::max_value(), 12_345, 42, 117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(u64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1275,10 +1325,14 @@ mod tests { let i64s = [i64::max_value(), i64::min_value(), 42, -117]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(i64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1289,10 +1343,14 @@ mod tests { let f32s = [std::f32::NAN, std::f32::INFINITY, 1.23456789, std::f32::EPSILON]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(f32s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1305,10 +1363,14 @@ mod tests { let f64s = [std::f64::NAN, std::f64::INFINITY, 1.234567890123456789, std::f64::EPSILON]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(f64s.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading @@ -1326,10 +1388,14 @@ mod tests { let strs = [s1, s2, s3, s4]; // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } assert!(strs.serialize(&mut parcel.borrowed()).is_ok()); // SAFETY: start is less than the current size of the parcel data buffer, because we haven't // made it any shorter since we got the position. unsafe { assert!(parcel.set_data_position(start).is_ok()); } Loading
libs/binder/rust/tests/integration.rs +5 −0 Original line number Diff line number Diff line Loading @@ -545,6 +545,11 @@ mod tests { } fn get_expected_selinux_context() -> &'static str { // SAFETY: The pointer we pass to `getcon` is valid because it comes from a reference, and // `getcon` doesn't retain it after it returns. If `getcon` succeeds then `out_ptr` will // point to a valid C string, otherwise it will remain null. We check for null, so the // pointer we pass to `CStr::from_ptr` must be a valid pointer to a C string. There is a // memory leak as we don't call `freecon`, but that's fine because this is just a test. unsafe { let mut out_ptr = ptr::null_mut(); assert_eq!(selinux_sys::getcon(&mut out_ptr), 0); Loading
libs/binder/rust/tests/ndk_rust_interop.rs +6 −4 Original line number Diff line number Diff line Loading @@ -28,10 +28,11 @@ use std::os::raw::{c_char, c_int}; /// /// # Safety /// /// service_name must be a valid, non-null C-style string (null-terminated). /// service_name must be a valid, non-null C-style string (nul-terminated). #[no_mangle] pub unsafe extern "C" fn rust_call_ndk(service_name: *const c_char) -> c_int { let service_name = CStr::from_ptr(service_name).to_str().unwrap(); // SAFETY: Our caller promises that service_name is a valid C string. let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap(); // The Rust class descriptor pointer will not match the NDK one, but the // descriptor strings match so this needs to still associate. Loading Loading @@ -85,10 +86,11 @@ impl IBinderRustNdkInteropTest for Service { /// /// # Safety /// /// service_name must be a valid, non-null C-style string (null-terminated). /// service_name must be a valid, non-null C-style string (nul-terminated). #[no_mangle] pub unsafe extern "C" fn rust_start_service(service_name: *const c_char) -> c_int { let service_name = CStr::from_ptr(service_name).to_str().unwrap(); // SAFETY: Our caller promises that service_name is a valid C string. let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap(); let service = BnBinderRustNdkInteropTest::new_binder(Service, BinderFeatures::default()); match binder::add_service(service_name, service.as_binder()) { Ok(_) => StatusCode::OK as c_int, Loading
libs/binder/rust/tests/parcel_fuzzer/parcel_fuzzer.rs +2 −2 Original line number Diff line number Diff line Loading @@ -105,9 +105,9 @@ fn do_read_fuzz(read_operations: Vec<ReadOperation>, data: &[u8]) { for operation in read_operations { match operation { ReadOperation::SetDataPosition { pos } => { unsafe { // Safety: Safe if pos is less than current size of the parcel. // It relies on C++ code for bound checks unsafe { match parcel.set_data_position(pos) { Ok(result) => result, Err(e) => println!("error occurred while setting data position: {:?}", e), Loading
