Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f8542381 authored by Martijn Coenen's avatar Martijn Coenen
Browse files

Don't pad before calling writeInPlace(). 

writeInplace() itself already pads securely, by masking off
the padded bytes. If the padding is done before calling
writeInplace(), no mask is applied, and heap data can leak.

Bug: 77237570
Test: builds
Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44
parent fa851800

libs/binder/Parcel.cpp

+1 −1
Original line number Diff line number Diff line
@@ -1276,7 +1276,7 @@ status_t Parcel::write(const FlattenableHelperInterface& val) 
    if (err) return err;



    // payload

    void* const buf = this->writeInplace(pad_size(len));

    void* const buf = this->writeInplace(len);

    if (buf == NULL)

        return BAD_VALUE;