OSDN Git Service

Don't pad before calling writeInPlace().
author Martijn Coenen <maco@google.com>
Wed, 4 Apr 2018 09:46:56 +0000 (11:46 +0200)
committer Atanas Kirilov <akirilov@google.com>
Mon, 16 Apr 2018 18:57:32 +0000 (18:57 +0000)
writeInplace() itself already pads securely, by masking off
the padded bytes. If the padding is done before calling
writeInplace(), no mask is applied, and heap data can leak.

Bug: 77237570
Test: builds
Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44
Merged-In: Ide27a0002d4ed4196530430760245b971f6a3f44

(cherry picked from commit f8542381b72a7bb2452a5278a00ca8c34edbf8a0)

libs/binder/Parcel.cpp

index cfcf73b..4d6ea88 100644 (file)
@@ -985,7 +985,7 @@ status_t Parcel::write(const FlattenableHelperInterface& val)
     if (err) return err;
 
     // payload
-    void* const buf = this->writeInplace(pad_size(len));
+    void* const buf = this->writeInplace(len);
     if (buf == NULL)
         return BAD_VALUE;
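
Review bot: The new `writeInplace(len)` line has no comment saying why the length must not be pre-padded, so a later cleanup could put `pad_size(len)` back and reintroduce the unmasked padding bytes the commit message describes. Suggest extending the `// payload` comment to state that writeInplace() pads and masks internally and must receive the unpadded length. The commit lists only "Test: builds"; a regression test that writes a Flattenable whose flattened size is not already aligned and checks that the padding bytes in the parcel carry no stale heap data would guard this fix. Since this hunk touches a single call site, it is also worth checking the rest of Parcel.cpp for other `writeInplace(pad_size(` calls with the same pattern.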