Fix null-deref crash while fuzzing When random parcel is sent to incidentd, AIDL service crashes with null pointer dereference. Test: atest incidentd_test Test: m incidentd_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/incidentd_service_fuzzer/incidentd_service_fuzzer Bug: 282963041 Change-Id: I0e0ebc479acbfd3f5e9f56b629380b5d90021f45

commit: 5482646109517eebf45e5ca82f12e87faf18858c [log] [tgz]
author: Pawan Wagh <waghpawan@google.com> Tue May 16 19:52:05 2023 +0000
committer: Pawan Wagh <waghpawan@google.com> Tue May 16 19:52:05 2023 +0000
tree: 797e9bc26b2653c79a04fa09faf64690620df02c
parent: 4d3ac1d5689a1a4b2f820d5a8c131b0d894b987e [diff] [blame]
diff --git a/cmds/incidentd/src/IncidentService.cpp b/cmds/incidentd/src/IncidentService.cpp
index 5af02f4..c2f0100 100644
--- a/cmds/incidentd/src/IncidentService.cpp
+++ b/cmds/incidentd/src/IncidentService.cpp

@@ -513,6 +513,9 @@
             sp<IShellCallback> shellCallback = IShellCallback::asInterface(data.readStrongBinder());
             sp<IResultReceiver> resultReceiver =
                     IResultReceiver::asInterface(data.readStrongBinder());
+            if (resultReceiver == nullptr) {
+                return BAD_VALUE;
+            }
 
             FILE* fin = fdopen(in, "r");
             FILE* fout = fdopen(out, "w");
commit	5482646109517eebf45e5ca82f12e87faf18858c	[log] [tgz]
author	Pawan Wagh <waghpawan@google.com>	Tue May 16 19:52:05 2023 +0000
committer	Pawan Wagh <waghpawan@google.com>	Tue May 16 19:52:05 2023 +0000
tree	797e9bc26b2653c79a04fa09faf64690620df02c
parent	4d3ac1d5689a1a4b2f820d5a8c131b0d894b987e [diff] [blame]