Merge "native handle - fix ubsan abort" am: f828fe4397temp_sam_202323961

Original change: https://android-review.googlesource.com/c/platform/system/libhwbinder/+/1815086 Change-Id: Ia961878214b0f572ff197f23ce4d30bffaddee0e
author: Treehugger Robot <treehugger-gerrit@google.com> 2021-09-01 02:25:05 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-09-01 02:25:05 +0000
commit: a6d67b00c8c43231a3abde0dd02e1541bbd7f9bf (patch)
tree: b9cb6aaecf8b974cd769a2cce9d7672df433d36e
parent: 2cd9e216cea27714c8d8c43954fc544a37ba4e93 (diff)
parent: f828fe4397c9853a53471a832a3e40919934f809 (diff)
download: libhwbinder-a6d67b00c8c43231a3abde0dd02e1541bbd7f9bf.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/Parcel.cpp b/Parcel.cpp
index fdf481b..98300d0 100644
--- a/Parcel.cpp
+++ b/Parcel.cpp
@@ -1464,8 +1464,8 @@ status_t Parcel::readNullableNativeHandleNoDup(const native_handle_t **handle,
         return status;
     }
 
-    if (nativeHandleSize < sizeof(native_handle_t)) {
-        ALOGE("Received a native_handle_t size that was too small.");
+    if (nativeHandleSize < sizeof(native_handle_t) || nativeHandleSize > std::numeric_limits<uint32_t>::max()) {
+        ALOGE("Invalid native_handle_t size: %" PRIu64, nativeHandleSize);
         return BAD_VALUE;
     }
author	Treehugger Robot <treehugger-gerrit@google.com>	2021-09-01 02:25:05 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-09-01 02:25:05 +0000
commit	a6d67b00c8c43231a3abde0dd02e1541bbd7f9bf (patch)
tree	b9cb6aaecf8b974cd769a2cce9d7672df433d36e
parent	2cd9e216cea27714c8d8c43954fc544a37ba4e93 (diff)
parent	f828fe4397c9853a53471a832a3e40919934f809 (diff)
download	libhwbinder-a6d67b00c8c43231a3abde0dd02e1541bbd7f9bf.tar.gz