diff options
author | Steven Moreland <smoreland@google.com> | 2018-03-06 11:31:33 -0800 |
---|---|---|
committer | Martijn Coenen <maco@google.com> | 2018-03-07 08:11:30 +0000 |
commit | 57c6fcbfa8134f532d5487ccf4bfc9f7bd38fff4 (patch) | |
tree | 44c290df557e91473275087d13f4b0a587ee3132 | |
parent | 566c383bf83c0b66a59ae5c671ffd224b85c1c3b (diff) | |
download | libhidl-57c6fcbfa8134f532d5487ccf4bfc9f7bd38fff4.tar.gz |
Add earlier CHECK in hidl_string
hidl_string needs to be zero-terminated so that
the kernel can make a copy with it and have it
safely copied over to the the other process (and
that process can use c_str safely).
Right now, this CHECK is in parceling code for
hidl_string, but moving it to setToExternal
and adding additional documentation for clarity.
Bug: N/A
Test: TH
Change-Id: I1e5f338baa5757ec541e0c54f89f64df0a9c9d61
-rw-r--r-- | base/HidlSupport.cpp | 8 | ||||
-rw-r--r-- | base/include/hidl/HidlSupport.h | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/base/HidlSupport.cpp b/base/HidlSupport.cpp index 8f3c057..a69faa2 100644 --- a/base/HidlSupport.cpp +++ b/base/HidlSupport.cpp @@ -254,6 +254,14 @@ void hidl_string::setToExternal(const char *data, size_t size) { if (size > UINT32_MAX) { LOG(FATAL) << "string size can't exceed 2^32 bytes: " << size; } + + // When the binder driver copies this data into its buffer, it must + // have a zero byte there because the remote process will have a pointer + // directly into the read-only binder buffer. If we manually copy the + // data now to add a zero, then we lose the efficiency of this method. + // Checking here (it's also checked in the parceling code later). + CHECK(data[size] == '\0'); + clear(); mBuffer = data; diff --git a/base/include/hidl/HidlSupport.h b/base/include/hidl/HidlSupport.h index f09eb63..d1221fe 100644 --- a/base/include/hidl/HidlSupport.h +++ b/base/include/hidl/HidlSupport.h @@ -155,6 +155,8 @@ struct hidl_string { // Reference an external char array. Ownership is _not_ transferred. // Caller is responsible for ensuring that underlying memory is valid // for the lifetime of this hidl_string. + // + // size == strlen(data) void setToExternal(const char *data, size_t size); // offsetof(hidl_string, mBuffer) exposed since mBuffer is private. |