Merge "binder: Tweak overflow check for readability" am: 5caafddc6b
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2106895
Change-Id: I87e29b8a7c6ff89aec286509ad4868eb6429be36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index 4ef9cd8..2a8e9c1 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp
@@ -493,14 +493,13 @@
}
}
- LOG_ALWAYS_FATAL_IF(std::numeric_limits<int32_t>::max() - sizeof(RpcWireHeader) -
- sizeof(RpcWireTransaction) <
- data.dataSize(),
+ uint32_t bodySize;
+ LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireTransaction), data.dataSize(),
+ &bodySize),
"Too much data %zu", data.dataSize());
-
RpcWireHeader command{
.command = RPC_COMMAND_TRANSACT,
- .bodySize = static_cast<uint32_t>(sizeof(RpcWireTransaction) + data.dataSize()),
+ .bodySize = bodySize,
};
RpcWireTransaction transaction{
@@ -940,14 +939,12 @@
replyStatus = flushExcessBinderRefs(session, addr, target);
}
- LOG_ALWAYS_FATAL_IF(std::numeric_limits<int32_t>::max() - sizeof(RpcWireHeader) -
- sizeof(RpcWireReply) <
- reply.dataSize(),
+ uint32_t bodySize;
+ LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireReply), reply.dataSize(), &bodySize),
"Too much data for reply %zu", reply.dataSize());
-
RpcWireHeader cmdReply{
.command = RPC_COMMAND_REPLY,
- .bodySize = static_cast<uint32_t>(sizeof(RpcWireReply) + reply.dataSize()),
+ .bodySize = bodySize,
};
RpcWireReply rpcReply{
.status = replyStatus,