diff options
author | Steven Moreland <smoreland@google.com> | 2019-05-17 13:14:06 -0700 |
---|---|---|
committer | Nikoli Cartagena <dargeren@google.com> | 2019-06-10 14:06:51 -0700 |
commit | 1a10d15ec8557e1b88511af24fb53f2abd90bac0 (patch) | |
tree | 96d9acc8b77cea049ea1acca6a8d307d099c92d8 | |
parent | b53300f04a1423a92041622020a96b83baa9e383 (diff) | |
download | native-1a10d15ec8557e1b88511af24fb53f2abd90bac0.tar.gz |
libbinder: readCString: no ubsan sub-overflow
Bug: 131859347
Test: fuzzer
Change-Id: I95a0f59684a172925f1eab97ff21e5d14bc79cc8
Merged-In: I95a0f59684a172925f1eab97ff21e5d14bc79cc8
(cherry picked from commit d0d4b584fc294d2c124385644099852918416344)
-rw-r--r-- | libs/binder/Parcel.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 460bbe2fc5..13555fd80d 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -2013,8 +2013,8 @@ status_t Parcel::readUtf8FromUtf16(std::unique_ptr<std::string>* str) const { const char* Parcel::readCString() const { - const size_t avail = mDataSize-mDataPos; - if (avail > 0) { + if (mDataPos < mDataSize) { + const size_t avail = mDataSize-mDataPos; const char* str = reinterpret_cast<const char*>(mData+mDataPos); // is the string's trailing NUL within the parcel's valid bounds? const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail)); |