| author | Michael Wachenschwanz <mwachens@google.com> | 2019-06-03 17:24:51 -0700 |
|---|---|---|
| committer | Kevin F. Haggerty <haggertk@lineageos.org> | 2019-09-05 21:59:34 -0600 |
| commit | 36592c0313427e178850abdc77d31fab7a83861a (patch) | |
| tree | bf21aca3aaeac63f8732da94d01c7d7d883856b5 | |
| parent | 4de2ee3e3504505cc01a1d4f7812f324a8cbdf51 (diff) | |
Free mObjects if no objects left to realloc on resize
Bug: 134168436
Bug: 133785589
Bug: 34175893
Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree
Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710
Merged-In: I82e7e8c7b4206fb45b832a71d174df45edb62710
(cherry picked from commit edd3e3d8f441131b02e5a78d18babf9d16ef9e6e)
| -rw-r--r-- | libs/binder/Parcel.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 26a88e920..7a174b84e 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2569,10 +2569,16 @@ status_t Parcel::continueWrite(size_t desired)
 release_object(proc, *flat, this);
 #endif
 }
- binder_size_t* objects =
- (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
- if (objects) {
- mObjects = objects;
+
+ if (objectsSize == 0) {
+ free(mObjects);
+ mObjects = nullptr;
+ } else {
+ binder_size_t* objects =
+ (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
+ if (objects) {
+ mObjects = objects;
+ }
 }
 mObjectsSize = objectsSize;
 mNextObjectHint = 0; |
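Review bot: The new `objectsSize == 0` branch frees `mObjects` and nulls it, but nothing in the visible lines resets the allocation capacity that Parcel tracks alongside the array, and the realloc branch likewise leaves it at its old value. If `mObjectsCapacity` is not updated elsewhere in `continueWrite` (its body starts and ends outside this hunk), a later object write that compares against the stale capacity could skip reallocation and write through a null or undersized buffer. I would add `mObjectsCapacity = 0;` after `mObjects = nullptr;` and `mObjectsCapacity = objectsSize;` after `mObjects = objects;`. A short comment on the zero-size branch, e.g. `// realloc(p, 0) may free p and return NULL; free explicitly so mObjects never dangles`, would also record why the special case exists.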
