Verify that the native handle was createdstable/cm-11.0-XNG3C

The inputs to native_handle_create can cause an overflowed allocation, so check the return value of native_handle_create before accessing the memory it returns. CYNGNOS-446 Bug:19334482 Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2 (cherry picked from commit eaac99a7172da52a76ba48c26413778a74951b1a) (cherry picked from commit c491676cc2775d978bc52e323d5a743b53bfe51d)
author: Adam Lesinski <adamlesinski@google.com> 2015-05-12 17:35:48 -0700
committer: Abhisek Devkota <ciwrl@cyanogenmod.com> 2015-08-12 14:20:45 -0700
commit: 76f9bfc5de9618df02d3094d6593dd8056f97ea6 (patch)
tree: 039487aa0a7fcfcfa2bf4e123d0de97cf0f870ed
parent: da0467a64e247b4fc3c2584d1e65359e7d88a2e0 (diff)
download: android_frameworks_native-stable/cm-11.0-XNG3C.tar.gz
android_frameworks_native-stable/cm-11.0-XNG3C.tar.bz2
android_frameworks_native-stable/cm-11.0-XNG3C.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index db9e0a1e2..e5a287157 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1144,6 +1144,10 @@ native_handle* Parcel::readNativeHandle() const
     if (err != NO_ERROR) return 0;
 
     native_handle* h = native_handle_create(numFds, numInts);
+    if (!h) {
+        return 0;
+    }
+
     for (int i=0 ; err==NO_ERROR && i<numFds ; i++) {
         h->data[i] = dup(readFileDescriptor());
         if (h->data[i] < 0) err = BAD_VALUE;
author	Adam Lesinski <adamlesinski@google.com>	2015-05-12 17:35:48 -0700
committer	Abhisek Devkota <ciwrl@cyanogenmod.com>	2015-08-12 14:20:45 -0700
commit	76f9bfc5de9618df02d3094d6593dd8056f97ea6 (patch)
tree	039487aa0a7fcfcfa2bf4e123d0de97cf0f870ed
parent	da0467a64e247b4fc3c2584d1e65359e7d88a2e0 (diff)
download	android_frameworks_native-stable/cm-11.0-XNG3C.tar.gz android_frameworks_native-stable/cm-11.0-XNG3C.tar.bz2 android_frameworks_native-stable/cm-11.0-XNG3C.zip