diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2017-02-21 19:32:55 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2017-02-21 19:32:55 +0000 |
| commit | 89ebbfb9a9383239ea7a4824aabf966b896b66cf (patch) | |
| tree | a96d296e2e10a30e8c904bcf97c8c68ffd9d1913 | |
| parent | 26c830a601a4be274c27401f2656b4faa0316b92 (diff) | |
| parent | ce575973d003ce07fe7bba94378c96ed9b53c61a (diff) | |
| download | protobuf-89ebbfb9a9383239ea7a4824aabf966b896b66cf.tar.gz | |
Merge "Don't execute code before checking a class is a messagenano."
| -rw-r--r-- | java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java b/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java index 5a4b70c72..9c97439f9 100644 --- a/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java +++ b/java/src/device/main/java/com/google/protobuf/nano/android/ParcelableMessageNanoCreator.java @@ -38,6 +38,7 @@ import com.google.protobuf.nano.InvalidProtocolBufferNanoException; import com.google.protobuf.nano.MessageNano; import java.lang.reflect.Array; +import java.lang.reflect.InvocationTargetException; public final class ParcelableMessageNanoCreator<T extends MessageNano> implements Parcelable.Creator<T> { @@ -58,12 +59,19 @@ public final class ParcelableMessageNanoCreator<T extends MessageNano> T proto = null; try { - Class<?> clazz = Class.forName(className); - Object instance = clazz.newInstance(); + // Check that the provided class is a subclass of MessageNano before executing any code + Class<?> clazz = + Class.forName(className, false /*initialize*/, this.getClass().getClassLoader()) + .asSubclass(MessageNano.class); + Object instance = clazz.getConstructor().newInstance(); proto = (T) instance; MessageNano.mergeFrom(proto, data); } catch (ClassNotFoundException e) { Log.e(TAG, "Exception trying to create proto from parcel", e); + } catch (NoSuchMethodException e) { + Log.e(TAG, "Exception trying to create proto from parcel", e); + } catch (InvocationTargetException e) { + Log.e(TAG, "Exception trying to create proto from parcel", e); } catch (IllegalAccessException e) { Log.e(TAG, "Exception trying to create proto from parcel", e); } catch (InstantiationException e) { |