summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorandroid-build-team Robot <android-build-team-robot@google.com>2018-08-01 21:36:58 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2018-08-01 21:36:58 +0000
commit5614e4be145f5fa7f5858d82440e02ed1905fb5d (patch)
treed638624afaff061ebb012e2c7706046a43e72a16
parent490a126f946857e1ad9e4c281e5c115c13516d6c (diff)
parent7abc57a84a1972397b03694c1246d464dd18708a (diff)
downloadlibhidl-pie-s2-release.tar.gz
Merge cherrypicks of [4667264, 4667744, 4667382, 4666687, 4667506, 4667745, 4667225, 4667226, 4667227, 4667228, 4668483, 4668486, 4668487, 4668489, 4666733, 4668492, 4668493, 4668495, 4667548, 4667482, 4667549, 4667550, 4667551, 4667552, 4667553, 4667554, 4667555, 4667556, 4666734, 4666688, 4668511, 4668531, 4667265] into pi-releaseandroid-9.0.0_r9android-9.0.0_r5android-9.0.0_r17pie-s2-releasepie-release
Change-Id: I5af86703aa1de0c472b9ab783d0ee249cb4f3d90
Diffstat
-rw-r--r--transport/HidlBinderSupport.cpp10
1 files changed, 10 insertions, 0 deletions
diff --git a/transport/HidlBinderSupport.cpp b/transport/HidlBinderSupport.cpp
index d14887f..4f8d7c5 100644
--- a/transport/HidlBinderSupport.cpp
+++ b/transport/HidlBinderSupport.cpp
@@ -19,6 +19,7 @@
#include <hidl/HidlBinderSupport.h>
// C includes
+#include <inttypes.h>
#include <unistd.h>
// C++ includes
@@ -66,6 +67,15 @@ status_t readEmbeddedFromParcel(const hidl_memory& memory,
parentOffset + hidl_memory::kOffsetOfName);
}
+ // hidl_memory's size is stored in uint64_t, but mapMemory's mmap will map
+ // size in size_t. If size is over SIZE_MAX, mapMemory could succeed
+ // but the mapped memory's actual size will be smaller than the reported size.
+ if (memory.size() > SIZE_MAX) {
+ ALOGE("Cannot use memory with %" PRId64 " bytes because it is too large.", memory.size());
+ android_errorWriteLog(0x534e4554, "79376389");
+ return BAD_VALUE;
+ }
+
return _hidl_err;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 19:52:12 +0000