commit 16a12aee22a313a7c902f36a18488375e30477da
author Frederick Mayle <fmayle@google.com> Fri Jul 15 00:04:33 2022 +0000
committer Frederick Mayle <fmayle@google.com> Fri Jul 15 16:27:42 2022 +0000
tree b2fd16beabfb88a19a0cb46ec03b41be932efd3d
parent f2532967f521b8c6e7083c88ccde04af2f045736

libbinder: Don't abort when rpc parcel size is invalid

No test becaue this is only reachable by bypassing the binder client
library (i.e. writing non-sense directly to the socket).

Test: binder_rpc_fuzzer
Bug: 238497894
Change-Id: I85ef57df4b8970c35904a5e84e61cb87653a39be

libs/binder/Utils.h

diff --git a/libs/binder/Utils.h b/libs/binder/Utils.h
index 7c6d6f1..e04199c 100644
--- a/libs/binder/Utils.h
+++ b/libs/binder/Utils.h
@@ -48,9 +48,11 @@
     // Truncates `this` to a length of `offset` and returns a span with the
     // remainder.
     //
-    // Aborts if offset > size.
-    Span<T> splitOff(size_t offset) {
-        LOG_ALWAYS_FATAL_IF(offset > size);
+    // `std::nullopt` iff offset > size.
+    std::optional<Span<T>> splitOff(size_t offset) {
+        if (offset > size) {
+            return std::nullopt;
+        }
         Span<T> rest = {data + offset, size - offset};
         size = offset;
         return rest;