Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9ba1cc57 authored by Steven Moreland's avatar Steven Moreland Committed by Android (Google) Code Review
Browse files

Merge changes I8929d11e,Ib737e81f into main 

* changes:
  Parcel: free objects before realloc
  binder_parcel_fuzz: add setData
parents a791e89f c6b0dfa3

libs/binder/Parcel.cpp

+2 −2
Original line number Diff line number Diff line
@@ -2976,14 +2976,14 @@ status_t Parcel::restartWrite(size_t desired) 
        return continueWrite(desired);

    }



    releaseObjects();



    uint8_t* data = reallocZeroFree(mData, mDataCapacity, desired, mDeallocZero);

    if (!data && desired > mDataCapacity) {

        mError = NO_MEMORY;

        return NO_MEMORY;

    }



    releaseObjects();



    if (data || desired == 0) {

        LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired);

        if (mDataCapacity > desired) {

libs/binder/tests/parcel_fuzzer/binder.cpp

+8 −0
Original line number Diff line number Diff line
@@ -115,6 +115,14 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS { 
        p.setDataPosition(pos);

        FUZZ_LOG() << "setDataPosition done";

    },

    [] (const ::android::Parcel& p, FuzzedDataProvider& provider) {

        size_t len = provider.ConsumeIntegralInRange<size_t>(0, 1024);

        std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(len);

        FUZZ_LOG() << "about to setData: " <<(bytes.data() ? HexString(bytes.data(), bytes.size()) : "null");

        // TODO: allow all read and write operations

        (*const_cast<::android::Parcel*>(&p)).setData(bytes.data(), bytes.size());

        FUZZ_LOG() << "setData done";

    },

    PARCEL_READ_NO_STATUS(size_t, allowFds),

    PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),

    PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders),