
Commit d423f670 authored by Narayan Kamath's avatar Narayan Kamath

Parcel: Handle NULL return from Parcel::readInPlace.

This can happen because Parcel checks that there are enough
bytes to consume taking padding into account, whereas the JNI
wrapper only considers the unpadded length of the array.

Test: atest ParcelTest
Bug: 35384981

Change-Id: I76c01ec50391144985f56dcae016d46487f74591
parent 4d98474f
+13 −3
@@ -336,8 +336,13 @@ static jbyteArray android_os_Parcel_createByteArray(JNIEnv* env, jclass clazz, j
                jbyte* a2 = (jbyte*)env->GetPrimitiveArrayCritical(ret, 0);
                if (a2) {
                    const void* data = parcel->readInplace(len);
                    if (data) {
                        memcpy(a2, data, len);
                    }
                    env->ReleasePrimitiveArrayCritical(ret, a2, 0);
                    if (!data) {
                        ret = NULL;
                    }
                }
            }
        }
@@ -360,9 +365,14 @@ static jboolean android_os_Parcel_readByteArray(JNIEnv* env, jclass clazz, jlong
        jbyte* ar = (jbyte*)env->GetPrimitiveArrayCritical((jarray)dest, 0);
        if (ar) {
            const void* data = parcel->readInplace(len);
            if (data) {
                memcpy(ar, data, len);
            env->ReleasePrimitiveArrayCritical((jarray)dest, ar, 0);
                ret = JNI_TRUE;
            } else {
                ret = JNI_FALSE;
            }

            env->ReleasePrimitiveArrayCritical((jarray)dest, ar, 0);
        }
    }
    return ret;
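Review bot: In android_os_Parcel_createByteArray the new `if (!data) { ret = NULL; }` path returns a bare NULL for a truncated parcel, with no exception or log visible in this hunk, so the caller may not be able to tell malformed input from a legitimately absent array; the function starts outside the hunk, so this is inferred from the visible lines only. The `if (data)` guard would benefit from a comment such as `// readInplace() checks the padded length, so it can return NULL even when the unpadded len passed the wrapper's check`, plus a log line on the failure path so the condition shows up during triage. Calling `parcel->readInplace(len)` before `GetPrimitiveArrayCritical` in both functions would keep the failure path out of the critical region and remove the need to release the array before clearing `ret`. In android_os_Parcel_readByteArray the `else { ret = JNI_FALSE; }` branch looks redundant if `ret` is already initialised to `JNI_FALSE` above the hunk.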