diff options
| author | Michael Wachenschwanz <mwachens@google.com> | 2019-06-03 17:24:51 -0700 |
|---|---|---|
| committer | Arjun Garg <arjgarg@google.com> | 2019-07-11 12:16:55 -0700 |
| commit | d753e9e318cfb190cf550fa7a3d341730ed3e1e6 (patch) | |
| tree | e04a360efa73c06107b1548141be8b282a241575 | |
| parent | 786fab4e5e61d1b1cd8522a7ba71106c8b87c673 (diff) | |
| download | android_frameworks_native-d753e9e318cfb190cf550fa7a3d341730ed3e1e6.tar.gz android_frameworks_native-d753e9e318cfb190cf550fa7a3d341730ed3e1e6.tar.bz2 android_frameworks_native-d753e9e318cfb190cf550fa7a3d341730ed3e1e6.zip | |
Free mObjects if no objects left to realloc on resize
Bug: 134168436
Bug: 133785589
Bug: 34175893
Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree
Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710
Merged-In: I82e7e8c7b4206fb45b832a71d174df45edb62710
(cherry picked from commit edd3e3d8f441131b02e5a78d18babf9d16ef9e6e)
| -rw-r--r-- | libs/binder/Parcel.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 13555fd80..59a363f8d 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -2709,10 +2709,16 @@ status_t Parcel::continueWrite(size_t desired) } release_object(proc, *flat, this, &mOpenAshmemSize); } - binder_size_t* objects = - (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); - if (objects) { - mObjects = objects; + + if (objectsSize == 0) { + free(mObjects); + mObjects = nullptr; + } else { + binder_size_t* objects = + (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); + if (objects) { + mObjects = objects; + } } mObjectsSize = objectsSize; mNextObjectHint = 0; |