
Binder: Fix some valgrind errors.
authorArve Hjønnevåg <arve@android.com>
Wed, 19 Feb 2014 05:10:29 +0000 (21:10 -0800)
committerArve Hjønnevåg <arve@android.com>
Wed, 19 Feb 2014 05:14:41 +0000 (21:14 -0800)
When using 64 bit binder pointers, only initializing the 32 bit
handle, in a stack allocated struct, will pass uninitialized stack
data to the kernel and other processes.

Change-Id: I3432d9d36bb251d8ddb0a863661aeb80aabb3d92

libs/binder/IPCThreadState.cpp
libs/binder/Parcel.cpp

index 65329f5..35dba12 100644 (file)
@@ -904,6 +904,7 @@ status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
 {
     binder_transaction_data tr;
 
+    tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */
     tr.target.handle = handle;
     tr.code = code;
     tr.flags = binderFlags;
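Review bot: Zeroing only `tr.target.ptr` at the top of writeTransactionData covers the target union, but `binder_transaction_data tr;` is still declared uninitialized, so any member or padding byte that is not assigned later in the function would be handed to the kernel in the same way. The rest of the function is outside this hunk, so the remaining fields may already be assigned one by one. If they are not, clearing the struct once right after the declaration, `memset(&tr, 0, sizeof(tr));`, closes the whole class of leak instead of one field and stays correct if the struct gains members later. Re-running the valgrind case named in the commit title against a handle-targeted transaction would confirm that no uninitialized bytes are left in the buffer.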
index 03bcf01..9f56def 100644 (file)
@@ -164,6 +164,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/,
             }
             const int32_t handle = proxy ? proxy->handle() : 0;
             obj.type = BINDER_TYPE_HANDLE;
+            obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
             obj.handle = handle;
             obj.cookie = 0;
         } else {
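Review bot: The added `obj.binder = 0;` in this BINDER_TYPE_HANDLE branch is only correct while it stays ahead of `obj.handle = handle;`, because the two members appear to share storage (the commit message describes the handle as the 32-bit part of a 64-bit slot), and swapping the two lines would silently zero the handle. The same ordering dependence applies to the hunks at -197 (BINDER_TYPE_WEAK_HANDLE) and -748 (writeFileDescriptor). I would make the comment state that constraint, for example `/* binder overlaps handle: clear the full-width member first so the upper bytes are not stack data */`, since the current wording gives no hint that the order matters. flatten_binder starts and ends outside the hunk, so the declaration of `obj` is not visible here; zeroing it at that point would remove the need for the per-branch write.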
@@ -197,6 +198,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/,
                 }
                 const int32_t handle = proxy ? proxy->handle() : 0;
                 obj.type = BINDER_TYPE_WEAK_HANDLE;
+                obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
                 obj.handle = handle;
                 obj.cookie = 0;
             } else {
@@ -748,6 +750,7 @@ status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership)
     flat_binder_object obj;
     obj.type = BINDER_TYPE_FD;
     obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
+    obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
     obj.handle = fd;
     obj.cookie = takeOwnership ? 1 : 0;
     return writeObject(obj, true);