Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cfe27dea authored by Nick Kralevich's avatar Nick Kralevich Committed by Alex Deymo
Browse files

handle size_t > java max int size 

Cleanly abort if we would have returned a value which can't be safely
handled by the java APIs. I'm not sure this code is reachable, but
adding the check just in case.

Bug: 16676699

(cherry picked from commit 3f6b702b)

Change-Id: Iddc16f32cb5d46219a4dcb3548bcfeaade0f9c9e
parent f28b295d

libs/binder/Parcel.cpp

+5 −7
Original line number Diff line number Diff line
@@ -378,13 +378,11 @@ size_t Parcel::dataSize() const 


size_t Parcel::dataAvail() const

{

    // TODO: decide what to do about the possibility that this can

    // report an available-data size that exceeds a Java int's max

    // positive value, causing havoc.  Fortunately this will only

    // happen if someone constructs a Parcel containing more than two

    // gigabytes of data, which on typical phone hardware is simply

    // not possible.

    return dataSize() - dataPosition();

    size_t result = dataSize() - dataPosition();

    if (result > INT32_MAX) {

        abort();

    }

    return result;

}



size_t Parcel::dataPosition() const