diff options
| author | Michael Wachenschwanz <mwachens@google.com> | 2019-06-03 17:24:51 -0700 |
|---|---|---|
| committer | Arjun Garg <arjgarg@google.com> | 2019-07-11 12:17:11 -0700 |
| commit | 9741d3d817f3c8a0ef237b3984394a09477c7d50 (patch) | |
| tree | 482cc149dc582a77f5e77e75704296db75c6b422 | |
| parent | 2034c67ba447c361f640eb33d11af3460c242037 (diff) | |
| download | native-9741d3d817f3c8a0ef237b3984394a09477c7d50.tar.gz | |
Free mObjects if no objects left to realloc on resize
Bug: 134168436
Bug: 133785589
Bug: 34175893
Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree
Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710
Merged-In: I82e7e8c7b4206fb45b832a71d174df45edb62710
(cherry picked from commit edd3e3d8f441131b02e5a78d18babf9d16ef9e6e)
| -rw-r--r-- | libs/binder/Parcel.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index ca8277d26c..baf5b04760 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -2709,10 +2709,16 @@ status_t Parcel::continueWrite(size_t desired) } release_object(proc, *flat, this, &mOpenAshmemSize); } - binder_size_t* objects = - (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); - if (objects) { - mObjects = objects; + + if (objectsSize == 0) { + free(mObjects); + mObjects = nullptr; + } else { + binder_size_t* objects = + (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); + if (objects) { + mObjects = objects; + } } mObjectsSize = objectsSize; mNextObjectHint = 0; |