OSDN Git Service

Correctly handle dup() failure in Parcel::readNativeHandle
authorMarco Nelissen <marcone@google.com>
Tue, 26 Apr 2016 15:44:09 +0000 (08:44 -0700)
committerMarco Nelissen <marcone@google.com>
Tue, 26 Apr 2016 18:42:04 +0000 (18:42 +0000)
bail out if dup() fails, instead of creating an invalid native_handle_t

Bug: 28395952

Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572

libs/binder/Parcel.cpp

index 0464e93..c383a2d 100644 (file)
@@ -1150,7 +1150,13 @@ native_handle* Parcel::readNativeHandle() const
 
     for (int i=0 ; err==NO_ERROR && i<numFds ; i++) {
         h->data[i] = dup(readFileDescriptor());
-        if (h->data[i] < 0) err = BAD_VALUE;
+        if (h->data[i] < 0) {
+            for (int j = 0; j < i; j++) {
+                close(h->data[j]);
+            }
+            native_handle_delete(h);
+            return 0;
+        }
     }
     err = read(h->data + numFds, sizeof(int)*numInts);
     if (err != NO_ERROR) {