Loading libs/binder/Parcel.cpp +31 −8 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,7 @@ #include <sys/mman.h> #include <sys/mman.h> #include <sys/stat.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/types.h> #include <sys/resource.h> #include <unistd.h> #include <unistd.h> #include <binder/Binder.h> #include <binder/Binder.h> Loading Loading @@ -88,6 +89,8 @@ static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER; static size_t gParcelGlobalAllocSize = 0; static size_t gParcelGlobalAllocSize = 0; static size_t gParcelGlobalAllocCount = 0; static size_t gParcelGlobalAllocCount = 0; static size_t gMaxFds = 0; // Maximum size of a blob to transfer in-place. // Maximum size of a blob to transfer in-place. static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; Loading Loading @@ -1268,7 +1271,7 @@ status_t Parcel::write(const FlattenableHelperInterface& val) const size_t len = val.getFlattenedSize(); const size_t len = val.getFlattenedSize(); const size_t fd_count = val.getFdCount(); const size_t fd_count = val.getFdCount(); if ((len > INT32_MAX) || (fd_count > INT32_MAX)) { if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { // don't accept size_t values which may have come from an // don't accept size_t values which may have come from an // inadvertent conversion from a negative int. // inadvertent conversion from a negative int. return BAD_VALUE; return BAD_VALUE; Loading @@ -1287,7 +1290,11 @@ status_t Parcel::write(const FlattenableHelperInterface& val) int* fds = NULL; int* fds = NULL; if (fd_count) { if (fd_count) { fds = new int[fd_count]; fds = new (std::nothrow) int[fd_count]; if (fds == nullptr) { ALOGE("write: failed to allocate requested %zu fds", fd_count); return BAD_VALUE; } } } err = val.flatten(buf, len, fds, fd_count); err = val.flatten(buf, len, fds, fd_count); Loading Loading @@ -1479,7 +1486,7 @@ status_t readByteVectorInternalPtr( } } parcel->setDataPosition(start); parcel->setDataPosition(start); val->reset(new std::vector<T>()); val->reset(new (std::nothrow) std::vector<T>()); status = readByteVectorInternal(parcel, val->get()); status = readByteVectorInternal(parcel, val->get()); Loading Loading @@ -1551,7 +1558,7 @@ status_t Parcel::readBoolVector(std::unique_ptr<std::vector<bool>>* val) const { } } setDataPosition(start); setDataPosition(start); val->reset(new std::vector<bool>()); val->reset(new (std::nothrow) std::vector<bool>()); status = readBoolVector(val->get()); status = readBoolVector(val->get()); Loading Loading @@ -1811,7 +1818,7 @@ status_t Parcel::readUtf8FromUtf16(std::unique_ptr<std::string>* str) const { } } setDataPosition(start); setDataPosition(start); str->reset(new std::string()); str->reset(new (std::nothrow) std::string()); return readUtf8FromUtf16(str->get()); return readUtf8FromUtf16(str->get()); } } Loading Loading @@ -1864,7 +1871,7 @@ status_t Parcel::readString16(std::unique_ptr<String16>* pArg) const } } setDataPosition(start); setDataPosition(start); pArg->reset(new String16()); pArg->reset(new (std::nothrow) String16()); status = readString16(pArg->get()); status = readString16(pArg->get()); Loading Loading @@ -2052,7 +2059,7 @@ status_t Parcel::read(FlattenableHelperInterface& val) const const size_t len = this->readInt32(); const size_t len = this->readInt32(); const size_t fd_count = this->readInt32(); const size_t fd_count = this->readInt32(); if (len > INT32_MAX) { if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { // don't accept size_t values which may have come from an // don't accept size_t values which may have come from an // inadvertent conversion from a negative int. // inadvertent conversion from a negative int. return BAD_VALUE; return BAD_VALUE; Loading @@ -2065,7 +2072,11 @@ status_t Parcel::read(FlattenableHelperInterface& val) const int* fds = NULL; int* fds = NULL; if (fd_count) { if (fd_count) { fds = new int[fd_count]; fds = new (std::nothrow) int[fd_count]; if (fds == nullptr) { ALOGE("read: failed to allocate requested %zu fds", fd_count); return BAD_VALUE; } } } status_t err = NO_ERROR; status_t err = NO_ERROR; Loading Loading @@ -2542,6 +2553,18 @@ void Parcel::initState() mAllowFds = true; mAllowFds = true; mOwner = NULL; mOwner = NULL; mOpenAshmemSize = 0; mOpenAshmemSize = 0; // racing multiple init leads only to multiple identical write if (gMaxFds == 0) { struct rlimit result; if (!getrlimit(RLIMIT_NOFILE, &result)) { gMaxFds = (size_t)result.rlim_cur; ALOGI("parcel fd limit set to %zu", gMaxFds); } else { ALOGW("Unable to getrlimit: %s", strerror(errno)); gMaxFds = 1024; } } } } void Parcel::scanForFds() const void Parcel::scanForFds() const Loading include/binder/Parcel.h +1 −1 File changed.Contains only whitespace changes. Show changes Loading
libs/binder/Parcel.cpp +31 −8 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,7 @@ #include <sys/mman.h> #include <sys/mman.h> #include <sys/stat.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/types.h> #include <sys/resource.h> #include <unistd.h> #include <unistd.h> #include <binder/Binder.h> #include <binder/Binder.h> Loading Loading @@ -88,6 +89,8 @@ static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER; static size_t gParcelGlobalAllocSize = 0; static size_t gParcelGlobalAllocSize = 0; static size_t gParcelGlobalAllocCount = 0; static size_t gParcelGlobalAllocCount = 0; static size_t gMaxFds = 0; // Maximum size of a blob to transfer in-place. // Maximum size of a blob to transfer in-place. static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; Loading Loading @@ -1268,7 +1271,7 @@ status_t Parcel::write(const FlattenableHelperInterface& val) const size_t len = val.getFlattenedSize(); const size_t len = val.getFlattenedSize(); const size_t fd_count = val.getFdCount(); const size_t fd_count = val.getFdCount(); if ((len > INT32_MAX) || (fd_count > INT32_MAX)) { if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { // don't accept size_t values which may have come from an // don't accept size_t values which may have come from an // inadvertent conversion from a negative int. // inadvertent conversion from a negative int. return BAD_VALUE; return BAD_VALUE; Loading @@ -1287,7 +1290,11 @@ status_t Parcel::write(const FlattenableHelperInterface& val) int* fds = NULL; int* fds = NULL; if (fd_count) { if (fd_count) { fds = new int[fd_count]; fds = new (std::nothrow) int[fd_count]; if (fds == nullptr) { ALOGE("write: failed to allocate requested %zu fds", fd_count); return BAD_VALUE; } } } err = val.flatten(buf, len, fds, fd_count); err = val.flatten(buf, len, fds, fd_count); Loading Loading @@ -1479,7 +1486,7 @@ status_t readByteVectorInternalPtr( } } parcel->setDataPosition(start); parcel->setDataPosition(start); val->reset(new std::vector<T>()); val->reset(new (std::nothrow) std::vector<T>()); status = readByteVectorInternal(parcel, val->get()); status = readByteVectorInternal(parcel, val->get()); Loading Loading @@ -1551,7 +1558,7 @@ status_t Parcel::readBoolVector(std::unique_ptr<std::vector<bool>>* val) const { } } setDataPosition(start); setDataPosition(start); val->reset(new std::vector<bool>()); val->reset(new (std::nothrow) std::vector<bool>()); status = readBoolVector(val->get()); status = readBoolVector(val->get()); Loading Loading @@ -1811,7 +1818,7 @@ status_t Parcel::readUtf8FromUtf16(std::unique_ptr<std::string>* str) const { } } setDataPosition(start); setDataPosition(start); str->reset(new std::string()); str->reset(new (std::nothrow) std::string()); return readUtf8FromUtf16(str->get()); return readUtf8FromUtf16(str->get()); } } Loading Loading @@ -1864,7 +1871,7 @@ status_t Parcel::readString16(std::unique_ptr<String16>* pArg) const } } setDataPosition(start); setDataPosition(start); pArg->reset(new String16()); pArg->reset(new (std::nothrow) String16()); status = readString16(pArg->get()); status = readString16(pArg->get()); Loading Loading @@ -2052,7 +2059,7 @@ status_t Parcel::read(FlattenableHelperInterface& val) const const size_t len = this->readInt32(); const size_t len = this->readInt32(); const size_t fd_count = this->readInt32(); const size_t fd_count = this->readInt32(); if (len > INT32_MAX) { if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { // don't accept size_t values which may have come from an // don't accept size_t values which may have come from an // inadvertent conversion from a negative int. // inadvertent conversion from a negative int. return BAD_VALUE; return BAD_VALUE; Loading @@ -2065,7 +2072,11 @@ status_t Parcel::read(FlattenableHelperInterface& val) const int* fds = NULL; int* fds = NULL; if (fd_count) { if (fd_count) { fds = new int[fd_count]; fds = new (std::nothrow) int[fd_count]; if (fds == nullptr) { ALOGE("read: failed to allocate requested %zu fds", fd_count); return BAD_VALUE; } } } status_t err = NO_ERROR; status_t err = NO_ERROR; Loading Loading @@ -2542,6 +2553,18 @@ void Parcel::initState() mAllowFds = true; mAllowFds = true; mOwner = NULL; mOwner = NULL; mOpenAshmemSize = 0; mOpenAshmemSize = 0; // racing multiple init leads only to multiple identical write if (gMaxFds == 0) { struct rlimit result; if (!getrlimit(RLIMIT_NOFILE, &result)) { gMaxFds = (size_t)result.rlim_cur; ALOGI("parcel fd limit set to %zu", gMaxFds); } else { ALOGW("Unable to getrlimit: %s", strerror(errno)); gMaxFds = 1024; } } } } void Parcel::scanForFds() const void Parcel::scanForFds() const Loading
