am e45636a8: am d437364e: am f50b9eaa: Binder: Make sure binder objects do not overlap

#include <private/binder/binder_module.h>

#include <private/binder/binder_module.h>

#include <inttypes.h>

#include <stdio.h>

#include <stdio.h>

#include <stdlib.h>

#include <stdlib.h>

#include <stdint.h>

#include <stdint.h>

void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,

void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,

    const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie)

    const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie)

{

{

    binder_size_t minOffset = 0;

    freeDataNoInit();

    freeDataNoInit();

    mError = NO_ERROR;

    mError = NO_ERROR;

    mData = const_cast<uint8_t*>(data);

    mData = const_cast<uint8_t*>(data);

    mNextObjectHint = 0;

    mNextObjectHint = 0;

    mOwner = relFunc;

    mOwner = relFunc;

    mOwnerCookie = relCookie;

    mOwnerCookie = relCookie;

    for (size_t i = 0; i < mObjectsSize; i++) {

        binder_size_t offset = mObjects[i];

        if (offset < minOffset) {

            ALOGE("%s: bad object offset %"PRIu64" < %"PRIu64"\n",

                  __func__, (uint64_t)offset, (uint64_t)minOffset);

            mObjectsSize = 0;

            break;

        }

        minOffset = offset + sizeof(flat_binder_object);

    }

    scanForFds();

    scanForFds();

}

}