
Commit 6ca117bd authored by Steven Moreland

HwBlob: explicit size check

It was noticed in the course of a related issue that the wrong type is
passed over the JNI boundary here (relies on specific ABI).

Bug: 177497444
Test: boot + 'atest hidl_test_java'
Change-Id: I1fd55d450775f9ca8075fbd62fbafb3f16c569f0
parent 59df97be
+11 −1
@@ -257,7 +257,17 @@ jobject JHwBlob::NewObject(JNIEnv *env, size_t size) {
    // XXX Again cannot refer to gFields.constructID because InitClass may
    // not have been called yet.

    return env->NewObject(clazz.get(), constructID, size);
    // Cases:
    // - this originates from another process (something so large should not fit
    //   in the binder buffer, and it should be rejected by the binder driver)
    // - if this is used in process, this code makes too many heap copies (in
    //   order to retrofit HIDL's scatter-gather format to java types) to
    //   justify passing such a large amount of data over this path. So the
    //   alternative (updating the constructor and other code to accept other
    //   types, should also probably not be taken in this case).
    CHECK_LE(size, std::numeric_limits<jint>::max());

    return env->NewObject(clazz.get(), constructID, static_cast<jint>(size));
}

}  // namespace android
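
Review bot: The comment block above CHECK_LE explains why an oversized blob is not expected, but it never says what the check protects: the narrowing of the size_t parameter to jint on the new return line. Since JNI's NewObject is variadic and the old call passed size unconverted, that narrowing is the actual fix, and a one-line statement of it (plus the fact that a failed CHECK aborts the process rather than raising a Java exception) would help the next reader. The parenthesis opened at "(updating the constructor and other code" also closes after the wrong clause. In the check itself, the signed jint limit is compared against an unsigned size_t; the result is correct after the implicit conversion, but writing static_cast<size_t>(std::numeric_limits<jint>::max()) would make the intended unsigned comparison explicit. Please also confirm that <limits> is included in this file, since the hunk does not show it.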