Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit c85a91a7 authored by Steven Moreland's avatar Steven Moreland Committed by Kevin F. Haggerty
Browse files

libbinder: check null bytes in readString*Inplace 

This is entirely defensive, since the only real guarantee we have here
from these APIs is that a buffer of a given length is available.
However, since we write 0's here, presumably to guard against people
assuming these are null-terminated strings, we might as well enforce
that they are actually null terminated.

Bug: 172655291
Test: binderParcelTest (added in newer CL)
Change-Id: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
Merged-In: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
(cherry picked from commit 51e02b16)
parent 6d4040fd

libs/binder/Parcel.cpp

+1 −1
Original line number Diff line number Diff line
@@ -2115,7 +2115,7 @@ const char16_t* Parcel::readString16Inplace(size_t* outLen) const 
    if (size >= 0 && size < INT32_MAX) {

        *outLen = size;

        const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t));

        if (str != NULL) {

        if (str != NULL && str[size] == u'\0') {

            return str;

        }

    }