libbinder: check null bytes in readString*Inplace
This is entirely defensive, since the only real guarantee we have here
from these APIs is that a buffer of a given length is available.
However, since we write 0's here, presumably to guard against people
assuming these are null-terminated strings, we might as well enforce
that they are actually null terminated.
Bug: 172655291
Test: binderParcelTest (added in newer CL)
Change-Id: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
Merged-In: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
(cherry picked from commit 51e02b16c397c44ddf81a0736cf6045cd4c44128)
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 9642a87..1f7d27e 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1869,7 +1869,7 @@
if (size >= 0 && size < INT32_MAX) {
*outLen = size;
const char* str = (const char*)readInplace(size+1);
- if (str != nullptr) {
+ if (str != nullptr && str[size] == '\0') {
return str;
}
}
@@ -1929,7 +1929,7 @@
if (size >= 0 && size < INT32_MAX) {
*outLen = size;
const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t));
- if (str != nullptr) {
+ if (str != nullptr && str[size] == u'\0') {
return str;
}
}