Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 569c3023 authored by Hani Kazmi's avatar Hani Kazmi Committed by Android Build Coastguard Worker
Browse files

Update Parcel readLazyValue to ignore negative object lengths 

Addresses a security vulnerability where a (-8) length object would
cause dataPosition to be reset back to the statt of the value, and be
re-read again.

Bug: 240138294
Test: atest ParcelTest BundleTest AmbiguousBundlesTest
Test: manually ran PoC
Change-Id: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
(cherry picked from commit 8e01230d)
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
parent 1e41d335
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment