summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Wachenschwanz <mwachens@google.com>2019-05-16 05:58:15 (GMT)
committerandroid-build-team Robot <android-build-team-robot@google.com>2019-06-11 21:04:35 (GMT)
commitd446743de4fd86e0e1e2de6eb56725daf00f7748 (patch)
tree36d560f19cbb57a9288e45dd2422f863ef780eda
parenta595bca273810f976da934f611c56546876ccc03 (diff)
downloadframeworks_base-d446743de4fd86e0e1e2de6eb56725daf00f7748.zip
frameworks_base-d446743de4fd86e0e1e2de6eb56725daf00f7748.tar.gz
frameworks_base-d446743de4fd86e0e1e2de6eb56725daf00f7748.tar.bz2
Clear the Parcel before writing an exception during a transaction
This prevents any object data from being accidentally overwritten by the exception, which could cause unexpected malformed objects to be sent across the transaction. Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject Bug: 34175893 Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013 Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013 (cherry picked from commit f8ef5bcf21c87d8617f5e11810cc94350298d114)
-rw-r--r--core/java/android/os/Binder.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index 8e8565c35..4db8d1e 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -740,6 +740,8 @@ public class Binder implements IBinder {
Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
}
} else {
+ // Clear the parcel before writing the exception
+ reply.setDataSize(0);
reply.setDataPosition(0);
reply.writeException(e);
}