Disregard alleged binder entities beyond parcel bounds (1b8a2f82) · Commits · e / os / android_frameworks_native-old

libs/binder/Parcel.cpp

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -390,7 +390,7 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
	// Count objects in range		// Count objects in range
	for (int i = 0; i < (int) size; i++) {		for (int i = 0; i < (int) size; i++) {
	size_t off = objects[i];		size_t off = objects[i];
	if ((off >= offset) && (off < offset + len)) {		if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
	if (firstIndex == -1) {		if (firstIndex == -1) {
	firstIndex = i;		firstIndex = i;
	}		}