Free mObjects if no objects left to realloc on resize

Fixes: 134168436 Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710 (cherry picked from commit 6af27a83256e676da6f9c02921ef9dfeffc8c52d)
author: Michael Wachenschwanz <mwachens@google.com> 2019-06-03 17:24:51 -0700
committer: Steven Moreland <smoreland@google.com> 2019-06-06 08:53:56 -0700
commit: cb720b93011694f0239347d95b6b9960f72d855e (patch)
tree: 781488b0d8b2cf0db6c525364555c0c01ef553c5 /Parcel.cpp
parent: b3e44a6887458056db8817f27a678d10bd7ffb17 (diff)
download: libhwbinder-cb720b93011694f0239347d95b6b9960f72d855e.tar.gz
1 files changed, 10 insertions, 4 deletions
diff --git a/Parcel.cpp b/Parcel.cpp
index 4fe6779..381a7b9 100644
--- a/Parcel.cpp
+++ b/Parcel.cpp
@@ -2123,10 +2123,16 @@ status_t Parcel::continueWrite(size_t desired)
                 }
                 release_object(proc, *flat, this);
             }
-            binder_size_t* objects =
-                (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
-            if (objects) {
-                mObjects = objects;
+
+            if (objectsSize == 0) {
+                free(mObjects);
+                mObjects = nullptr;
+            } else {
+                binder_size_t* objects =
+                    (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
+                if (objects) {
+                    mObjects = objects;
+                }
             }
             mObjectsSize = objectsSize;
             mNextObjectHint = 0;
author	Michael Wachenschwanz <mwachens@google.com>	2019-06-03 17:24:51 -0700
committer	Steven Moreland <smoreland@google.com>	2019-06-06 08:53:56 -0700
commit	cb720b93011694f0239347d95b6b9960f72d855e (patch)
tree	781488b0d8b2cf0db6c525364555c0c01ef553c5 /Parcel.cpp
parent	b3e44a6887458056db8817f27a678d10bd7ffb17 (diff)
download	libhwbinder-cb720b93011694f0239347d95b6b9960f72d855e.tar.gz