Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit caf14b26 authored by Steven Moreland's avatar Steven Moreland
Browse files

libbinder: RPC - better error for malformed parcel 

Was making it harder to debug an issue with binder_bpBinderFuzz.

Bug: 200368820
Test: binder_bpBinderFuzz
Change-Id: I915c04db1b00ed12385e2f6821320166c41febfa
parent 10717131

libs/binder/RpcState.cpp

+6 −2
Original line number Diff line number Diff line
@@ -427,12 +427,16 @@ status_t RpcState::transact(const sp<RpcSession::RpcConnection>& connection, 
                            const sp<IBinder>& binder, uint32_t code, const Parcel& data,

                            const sp<RpcSession>& session, Parcel* reply, uint32_t flags) {

    if (!data.isForRpc()) {

        ALOGE("Refusing to send RPC with parcel not crafted for RPC");

        ALOGE("Refusing to send RPC with parcel not crafted for RPC call on binder %p code "

              "%" PRIu32,

              binder.get(), code);

        return BAD_TYPE;

    }



    if (data.objectsCount() != 0) {

        ALOGE("Parcel at %p has attached objects but is being used in an RPC call", &data);

        ALOGE("Parcel at %p has attached objects but is being used in an RPC call on binder %p "

              "code %" PRIu32,

              &data, binder.get(), code);

        return BAD_TYPE;

    }