path: root/Parcel.cpp
Age | Commit message | Author
2023-08-16 | Use String8/16 c_str am: e97a1ec320 am: d295199fdb am: 51460f607c am: 1beedfe9e1 am: 11c9b4f0c9 | Tomasz Wasilczyk
    Original change: https://android-review.googlesource.com/c/platform/system/libhwbinder/+/2704655
    Change-Id: I38715f002ba0e6575a3b827a5817dcfd425b414b
    Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-14 | more buffer validation | Steven Moreland
    Bug: 294464949
    Test: hidl_test
    Test: libHidlBase_parcel_fuzzer with test case
    Change-Id: I1f27c6d1d8a3fb189d510443c17f44aaff0488f2
2023-08-11 | Use String8/16 c_str | Tomasz Wasilczyk
    Bug: 295394788
    Test: make checkbuild
    Change-Id: Ia40faa8c2a974c43bcecf66566b6ed756b955a1f
2022-03-08 | libhwbinder: kernel check also in userspace | Steven Moreland
    To avoid false crashes in fuzzer.
    Fixes: 220396435
    Test: binder_parcel_fuzzer w/ repro
    Change-Id: I4fd2ab705d2525f2e3786011d90bc5c32de555b4
2021-09-01 | Merge "native handle - fix ubsan abort" am: f828fe4397 [temp_sam_202323961] | Treehugger Robot
    Original change: https://android-review.googlesource.com/c/platform/system/libhwbinder/+/1815086
    Change-Id: Ia961878214b0f572ff197f23ce4d30bffaddee0e
2021-09-01 | Merge "native handle - fix ubsan abort" [android-s-beta-5] | Treehugger Robot
2021-08-31 | native handle - fix ubsan abort | Steven Moreland
    missing bounds check
    Fixes: 197919958
    Test: hidl_test (while manually triggering ubsan)
    Change-Id: I0234f56f0649b7bafec6f4e33509a93a3c739221
2021-08-27 | [Bugfix] Fix compiling error when enable LOG_REFS in system/libhwbinder/Parcel.cpp am: bca47a6466 | yuxi
    Original change: https://android-review.googlesource.com/c/platform/system/libhwbinder/+/1811296
    Change-Id: Ia20f8047e70b0fdb1f609f1ed2e9661483311bfa
2021-08-27 | [Bugfix] Fix compiling error when enable LOG_REFS in system/libhwbinder/Parcel.cpp | yuxi
    Like change 1806797, we also try to fix the same compiling problem in system/libhwbinder/Parcel.cpp when we enable LOG_REFS.
    Change-Id: I74d0f6433791135945b4901108560a5c240e764e
    Test: manual
2021-07-12 | Merge RQ3A.210705.001 to aosp-master - DO NOT MERGE [android-s-beta-4, android-s-beta-3] | Bill Yi
    Merged-In: I6fc38d4dae7e8ed1eab1510eb6775c42344d0ce5
    Merged-In: I422190daf26845f8a9625dd798acb922b3673d68
    Merged-In: I422190daf26845f8a9625dd798acb922b3673d68
    Change-Id: I004a6beb4e89fe107be73ee4913e687dc44e5fa1
2021-05-20 | verify embedded buffer matches address in parent | Steven Moreland
    Below is a diagram showing what scatter gather would look like where we
    have one reference to a buffer, and then we have a single embedded
    buffer. For instance, 'a1' might be the hidl_vec object and 'a2' might
    be the data pointer in this object. In practice, there might be
    arbitrarily many levels (this happens when structures contain vectors
    which contain structures etc...).

    legend:
        "...." - random data we don't care about
        "|" - some position in the data
        "<a#>" - some constant address

    offsets into Parcel's mData:
        .....|....<a1>....|.....|....<a2>....|.....
             ^    ^             ^    ^
             |    |             |    \- 'buffer' field of structure
             |    |             |
             |    |             |   (binder object structure)
             |    |             \- mObjects[child]
             |    |
             |    \- binder object structure 'buffer' field
             |
             \- mObjects[parent] (binder object structure)

    kernel-owned ro buffer @ address a1 ('parent' buffer)
        .......<a3>....................
               ^
               \- parent buffer as address + parent offset
                  (in the example, this would be the data field
                   of hidl_vec. This should be a2).

    kernel-owned ro buffer @ address a2 ('child' buffer)
        ............................ (any random data)

    What was happening here was that by maliciously constructing
    mObjects[child] to be null, there would be no child object, so
    the kernel wouldn't know to fixup the embedded buffer (<a3>) and
    it would be unchanged.

    Bug: 179289794
    Test: repro w/ POC, and this fixes it
    Test: hidl_test
    Change-Id: Ia26e0fc902510b90ce5bbd55343fa6ded8e4fcf5
    (cherry picked from commit 25614cbc380db86cc3842ac1886b55d92c913e4d)
    (cherry picked from commit fcd86bd0d1b4cfea480a2682c354fb40039f0727)
2021-04-22 | verify embedded buffer matches address in parent | Steven Moreland
    Below is a diagram showing what scatter gather would look like where we
    have one reference to a buffer, and then we have a single embedded
    buffer. For instance, 'a1' might be the hidl_vec object and 'a2' might
    be the data pointer in this object. In practice, there might be
    arbitrarily many levels (this happens when structures contain vectors
    which contain structures etc...).

    legend:
        "...." - random data we don't care about
        "|" - some position in the data
        "<a#>" - some constant address

    offsets into Parcel's mData:
        .....|....<a1>....|.....|....<a2>....|.....
             ^    ^             ^    ^
             |    |             |    \- 'buffer' field of structure
             |    |             |
             |    |             |   (binder object structure)
             |    |             \- mObjects[child]
             |    |
             |    \- binder object structure 'buffer' field
             |
             \- mObjects[parent] (binder object structure)

    kernel-owned ro buffer @ address a1 ('parent' buffer)
        .......<a3>....................
               ^
               \- parent buffer as address + parent offset
                  (in the example, this would be the data field
                   of hidl_vec. This should be a2).

    kernel-owned ro buffer @ address a2 ('child' buffer)
        ............................ (any random data)

    What was happening here was that by maliciously constructing
    mObjects[child] to be null, there would be no child object, so
    the kernel wouldn't know to fixup the embedded buffer (<a3>) and
    it would be unchanged.

    Bug: 179289794
    Test: repro w/ POC, and this fixes it
    Test: hidl_test
    Change-Id: Ia26e0fc902510b90ce5bbd55343fa6ded8e4fcf5
2021-04-07 | Update parcel data pointer after realloc with size 0 | Devin Moore
    If restartWrite is called with desired size of 0, mData will be reallocated to size 0. This frees the memory and returns a null pointer. When this happens we need to update the stored data pointer and capacity otherwise we will crash with a double free when the object is destructed.
    Bug: 157066561
    Bug: 183954797
    Test: build POC included in bug. 'adb push binderMemSafety /data/local/tmp && adb shell /data/local/tmp/binderMemSafety'. Reproduce the crash without this change, then verify no crash with this change. This is also being added to STS. Ran 'atest -p' for binder tests.
    Change-Id: I494e954204ee4a312739ae8600e2cf545ea452e3
    (cherry picked from commit 4a1f294217e1c3869d54b4408f0f6aa175d77e0a)
2020-11-20 | libhwbinder: support TF_CLEAR_BUF | Steven Moreland
    This flag instructs the kernel to clear transactions from send/reply buffers for certain transactions which may contain sensitive data, as a security precaution.
    Bug: 171501998
    Test: hidl_test + verify by reading memory bits w/ updated kernel
    Change-Id: I7dda8f8d24091f77bdaf99a7de446875356c601c
2020-08-27 | Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709) | Xin Li
    Bug: 166295507
    Merged-In: I5005b312a0c93ff5838c8c4f8ba3e314f34c5b50
    Change-Id: Id8036793f031c5093e701ca07fd645c355cd148d
2020-08-17 | Use static_assert directly. | Elliott Hughes
    Test: treehugger
    Change-Id: I02b8ee7ca0b95d91b82e4e8749b926b99218d838
2020-07-30 | Update language to comply with Android's inclusive language guidance | Jiabin Huang
    See https://source.android.com/setup/contribute/respectful-code for reference
    BUG=161896447
    Change-Id: I794af0bef966ec88d7ee6b5f5d66969571f04317
2020-07-15 | Hide TextOutput. am: 507238eebf am: b85df52575 | Steven Moreland
    Original change: https://android-review.googlesource.com/c/platform/system/libhwbinder/+/1360926
    Change-Id: I5005b312a0c93ff5838c8c4f8ba3e314f34c5b50
2020-07-14 | Hide TextOutput. | Steven Moreland
    Avoid additional users. Removing these completely is infeasible/not worth it for now for libbinder, and it's important to keep libbinder/libhwbinder at least somewhat close to each other. If saving this memory becomes important here or if we remove this from libbinder, this ensures that no additional work will be needed.
    Bug: 148676615
    Test: N/A
    Change-Id: I8fd2c2c21bfc5ab47c362cdad93de9a432591a50
2020-03-27 | Fix addition/overflow checks. am: b022196fb6 | Martijn Coenen
    Change-Id: I12be279d82d7806fb80bfe7d4ed24a12e24c2c07
2020-03-05 | Remove Parcel::remove. am: af04830927 am: 067a341fd6 | Automerger Merge Worker
    Change-Id: I3877732518851ec8e9a3ea13c75e04506d542a4a
2020-03-04 | Remove Parcel::remove. | Steven Moreland
    This function simply aborts, with no indication of what it should do.
    Bug: 149989072
    Test: libhwbinder builds
    (cherry picked from commit 80afc6f3f15825c06687db6f3bed044515a8c62e)
    Change-Id: Ia82477023b872b3581a6fb56460156025f9689b9
2020-02-25 | Use atomic, not lock, for parcel allocation counters am: 81b32ce597 am: 431dc3f4fd | Automerger Merge Worker
    Change-Id: Ic6e0e595b18668074484e5d17ebf907a4b2a269f
2020-02-24 | Use atomic, not lock, for parcel allocation counters | Daniel Colascione
    These counters don't need to actually be coherent, so each can be its own atomic. Avoid the lock, because every lock is a chance for priority inversion.
    Test: builds
    Change-Id: I5e3b11a5e5ade7875fcafbb5dfa33e92c996b87c
2020-01-31 | Fix addition/overflow checks. | Martijn Coenen
    For unsigned arithmetic, use:
        (a + b < a) to detect whether a+b wraps
        (a > c / b) to detect whether a*b > c
    Bug: 120078455
    Test: builds and boots
    Change-Id: I738b90855b6b9a8effbf55a468c751b6d0b8edd9
    (cherry picked from commit d79ac373483c36f893981c7319d37a5ebbd63b98)
2020-01-23 | Fix addition/overflow checks. | Martijn Coenen
    For unsigned arithmetic, use:
        (a + b < a) to detect whether a+b wraps
        (a > c / b) to detect whether a*b > c
    Bug: 120078455
    Test: builds and boots
    Change-Id: I738b90855b6b9a8effbf55a468c751b6d0b8edd9
2019-12-13 | Merge "Update for v5.4 kernel headers." am: 2f9e75b87d am: ffe96dbe0c am: fc21535dc2 | Automerger Merge Worker
    Change-Id: I7f6c4109d36113cbda140619c148a46a09768d37
2019-12-10 | Update for v5.4 kernel headers. | Christopher Ferris
    The new headers are coming from the android kernel, so the binder header file contains everything necessary now. The only reason to leave the binder_kernel.h file is because one of the compilers doesn't understand __packed.
    Test: Builds.
    Change-Id: I73ae18d77c574a1077ca38bb87a90f455f4d54bf
2019-10-15 | remove INT32_MAX definition am: 062914cc8b am: 3b17749b05 am: 55ea268f01 | Steven Moreland
    am: ded905c822
    Change-Id: Ia03016c48607f983b29c20027e0bdf4f7e794e99
2019-10-14 | remove INT32_MAX definition | Steven Moreland
    unneeded
    Bug: N/A
    Test: N/A
    Change-Id: I4b73bf5f0af3bb30baba2968fb53b9764811efaf
2019-10-08 | [libhwbinder] fix -Wreorder-init-list am: 931ba168d6 am: 6cdf006b56 am: eaf38dab97 am: 5309071625 | Nick Desaulniers
    Change-Id: Ia1e32a76efc298a7df2abd3102097590301653f1
2019-10-07 | [libhwbinder] fix -Wreorder-init-list [ndk-sysroot-r21] | Nick Desaulniers
    C++20 really wants members ordered unlike C99.
    Bug: 139945549
    Test: mm
    Change-Id: Ide85e012621f53a8a1612a872782ea48e62a4065
    Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
2019-09-30 | Fix segfault in readNullableNativeHandleNoDup. | Steven Moreland
    Fixes: 141857065
    Test: no longer segfaults w/ fuzzer repro
    Change-Id: Ib7016cc3def89e7a13c00580949f52c5d9cc4f72
2019-09-26 | Remove unnecessary semicolons. am: 7173a4c016 am: d349e57d99 am: 97fbd8d853 | Steven Moreland
    am: 0cb351f706
    Change-Id: I5903be375e8a38b5f950da90a5eb66051e92d6fe
2019-09-26 | Remove unnecessary semicolons. | Steven Moreland
    Bug: N/A
    Test: build w/o -Wno-c++98-compat-extra-semi
    Change-Id: Id6d7df00a22873917b7e480b71050d662fabb243
2019-09-26 | Replace abort with LOG_ALWAYS_FATAL am: 0338952431 am: 57ca8c30d4 am: d17c3bae23 | Steven Moreland
    am: 5af06db289
    Change-Id: I1278acf73af3135da6c47e441cc064a574a8c6d9
2019-09-25 | Replace abort with LOG_ALWAYS_FATAL | Steven Moreland
    So that we have better error understanding.
    Bug: 141290044
    Test: TH
    Change-Id: I2cd16fa80c91fd5c573fbc8202031abe7f075b4b
2019-09-23 | libhwbinder on host am: d9bdb65784 am: d8b9fb2e00 am: a6f78a5e83 | Steven Moreland
    am: 4603362d56
    Change-Id: Id0efa24762605b30dc5c2ebbec0b79b3fe9f34cb
2019-09-20 | libhwbinder on host | Steven Moreland
    The motivation of this is for quickly running unit tests of HAL implementations on host. Before, you would have to abstract away HIDL stuff, but now, you can just call a class that inherits from HIDL stuff directly. Currently, there is no binder or passthrough support on host though. This is only for unit tests of C++ classes.
    Bug: 124524556
    Test: mma
    Change-Id: I9cf22217f17ad75ad6f23a7bbc63db47e9b821e8
2019-09-17 | Merge "stop exporting kernel headers" am: 4f35e0bc27 am: 23680bd41d am: 9c53e8a3d1 am: 675fd5f9f1 | Steven Moreland
    Change-Id: I822bf81f4e07b7296c42be64f9b14a1b1d2d27db
2019-09-05 | stop exporting kernel headers | Steven Moreland
    Bug: 124524556
    Test: build only
    Change-Id: I8e1001a5cc0ff2227e018a43a492e439056e5ceb
2019-07-17 | Remove read/writeWeakBinder. am: ae7f1806da am: 256183d8ba am: b01cb77d5b | Steven Moreland
    am: 73eadfbb2f
    Change-Id: I45a4492f84cb1cbc1201228935b555ee38016cd2
2019-07-17 | Remove read/writeWeakBinder. | Steven Moreland
    am: ae7f1806da
    Change-Id: Ie6406b1d462e347bf960df773cf099bde3764e32
2019-07-17 | Remove read/writeWeakBinder. | Steven Moreland
    Unused/not fully implemented.
    Bug: N/A
    Test: N/A
    Change-Id: I48fb9121175c8bf4296e12482c69551a696aebe2
2019-07-09 | DO NOT MERGE - Merge pie-platform-release (PPRL.190705.004) into master [android-o-mr1-iot-release-1.0.14] | Xin Li
    Bug: 136196576
    Change-Id: I2ecaea1e2e59807dbf153c9ec0d2fccbec27fc88
2019-07-08 | Merge "remove obsolete TODOs" am: 7bd4ffaa7f am: 0169ba75b2 am: 2f149532f0 | Steven Moreland
    am: 643a8b2d1a
    Change-Id: I2992afd45379c58041534d7adfdc8f8e7072dc57
2019-07-08 | Merge "remove obsolete TODOs" | Steven Moreland
    am: 7bd4ffaa7f
    Change-Id: I4edfda7249fc44e53fd50649ecf566e79be37cef
2019-07-03 | remove obsolete TODOs | Steven Moreland
    Bug: N/A
    Test: N/A
    Change-Id: Ibd419acdede4fbda4c5caa95ec67e36f3f965c16
2019-06-07 | Merge "Free mObjects if no objects left to realloc on resize" | Steven Moreland
2019-06-06 | Free mObjects if no objects left to realloc on resize | Michael Wachenschwanz
    Fixes: 134168436
    Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree
    Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710
    (cherry picked from commit 6af27a83256e676da6f9c02921ef9dfeffc8c52d)