Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3f6b702b authored by Nick Kralevich's avatar Nick Kralevich
Browse files

handle size_t > java max int size 

Cleanly abort if we would have returned a value which can't be safely
handled by the java APIs. I'm not sure this code is reachable, but
adding the check just in case.

Bug: 16676699
Change-Id: Iae59b2885fd14b7db152d4880305e7add134faef
parent a811a37b

libs/binder/Parcel.cpp

+5 −7
Original line number Diff line number Diff line
@@ -350,13 +350,11 @@ size_t Parcel::dataSize() const 


size_t Parcel::dataAvail() const

{

    // TODO: decide what to do about the possibility that this can

    // report an available-data size that exceeds a Java int's max

    // positive value, causing havoc.  Fortunately this will only

    // happen if someone constructs a Parcel containing more than two

    // gigabytes of data, which on typical phone hardware is simply

    // not possible.

    return dataSize() - dataPosition();

    size_t result = dataSize() - dataPosition();

    if (result > INT32_MAX) {

        abort();

    }

    return result;

}



size_t Parcel::dataPosition() const