libbinder_ndk: fix UB memory access for race (e88055bb) · Commits · e / os / android_frameworks_native-old

libs/binder/ndk/ibinder_internal.h

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -133,7 +133,7 @@ struct AIBinder_DeathRecipient {
	// binderDied receipt only gives us information about the IBinder.		// binderDied receipt only gives us information about the IBinder.
	struct TransferDeathRecipient : ::android::IBinder::DeathRecipient {		struct TransferDeathRecipient : ::android::IBinder::DeathRecipient {
	TransferDeathRecipient(const ::android::wp<::android::IBinder>& who, void* cookie,		TransferDeathRecipient(const ::android::wp<::android::IBinder>& who, void* cookie,
	const AIBinder_DeathRecipient_onBinderDied& onDied)		const AIBinder_DeathRecipient_onBinderDied onDied)
	: mWho(who), mCookie(cookie), mOnDied(onDied) {}		: mWho(who), mCookie(cookie), mOnDied(onDied) {}

	void binderDied(const ::android::wp<::android::IBinder>& who) override;		void binderDied(const ::android::wp<::android::IBinder>& who) override;
	@@ -144,7 +144,7 @@ struct AIBinder_DeathRecipient {
	private:		private:
	::android::wp<::android::IBinder> mWho;		::android::wp<::android::IBinder> mWho;
	void* mCookie;		void* mCookie;
	const AIBinder_DeathRecipient_onBinderDied& mOnDied;		const AIBinder_DeathRecipient_onBinderDied mOnDied;
	};		};

	explicit AIBinder_DeathRecipient(AIBinder_DeathRecipient_onBinderDied onDied);		explicit AIBinder_DeathRecipient(AIBinder_DeathRecipient_onBinderDied onDied);