
Commit 7571708f authored by Thomas Cedeno

Binder: Update zeroMemory for AIDL transactions

Due to compiler optimizations, there are cases where memset is
optimized out of the actual compiled artifact if the compiler
knows that memory cell won't be accessed by the process. For
security reasons this isn't ideal; this change introduces
memset_explicit and an assembly instruction to match memset_explicit
as a fallback.

Bug: 416248344
Test: aidl_unittests, aidl_integration_test, binderLibTest
Flag: EXEMPT bugfix
Change-Id: I596229d97338cfc280fb87dc02f75705ea33b273
parent 1a0d3789
+0 −4
@@ -20,10 +20,6 @@

namespace android {

void zeroMemory(uint8_t* data, size_t size) {
    memset(data, 0, size);
}

std::string HexString(const void* bytes, size_t len) {
    LOG_ALWAYS_FATAL_IF(len > 0 && bytes == nullptr, "%p %zu", bytes, len);
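
Review bot: With the out-of-line definition of zeroMemory deleted from this file, the wipe no longer sits behind a translation-unit boundary and every caller gets the inline header version, so the only thing keeping the store alive is the header's memset_explicit or barrier path; please make sure no build of this library can pick up a plain memset variant. Two follow-ups for the same removal: check whether this file still needs its string header now that its only visible memset call is gone, and confirm nothing outside this library linked against the external-linkage android::zeroMemory symbol, which disappears with these four lines.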

+10 −1
@@ -85,7 +85,16 @@ constexpr size_t countof(T (&)[N]) {
}

// avoid optimizations
void zeroMemory(uint8_t* data, size_t size);
inline void zeroMemory(uint8_t* data, size_t size) {
#ifdef __BIONIC__
    memset_explicit(data, 0, size);
#else
    // Assembly marking to prevent any optimizing compiler from not actually clearing the buffer,
    // this matches what exactly what memset_explicit does.
    memset(data, 0, size);
    __asm__ __volatile__("" : : "r"(data) : "memory");
#endif
}

// View of contiguous sequence. Similar to std::span.
template <typename T>
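
Review bot: In the #ifdef __BIONIC__ branch, memset_explicit is called unconditionally, so please confirm it is declared at every API level this header is compiled for on bionic; if any target predates it, that target should take the memset plus barrier path instead. The hunk moves the body into the header but shows no include being added, so the header should pull in <string.h> itself rather than rely on its includers. In the fallback, the comment "this matches what exactly what memset_explicit does" has a duplicated "what" and asserts something about memset_explicit's implementation that this change cannot guarantee; wording such as "compiler barrier so the memset above is not removed as a dead store" would stand on its own. The empty asm with a "memory" clobber is a GCC/Clang extension, so a one-line note that non-bionic builds assume one of those compilers would help the next reader.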