libbinder: RPC checks for appendParcel
It would be unstable to append a parcel of one format to a format of
another.
Bug: 182938972
Bug: 182939048
Test: binderRpcTest
Change-Id: Ief93c3f02398094f8a1d0ec1550836c53ac13ec7
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 3f0b0df..b1dddd1 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -418,6 +418,11 @@
status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
{
+ if (parcel->isForRpc() != isForRpc()) {
+ ALOGE("Cannot append Parcel of one format to another.");
+ return BAD_TYPE;
+ }
+
status_t err;
const uint8_t *data = parcel->mData;
const binder_size_t *objects = parcel->mObjects;
diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp
index 985d086..a51c987 100644
--- a/libs/binder/tests/binderRpcTest.cpp
+++ b/libs/binder/tests/binderRpcTest.cpp
@@ -406,6 +406,19 @@
EXPECT_EQ(BAD_TYPE, proc.rootBinder->transact(IBinder::PING_TRANSACTION, data, &reply, 0));
}
+TEST_P(BinderRpc, AppendSeparateFormats) {
+ auto proc = createRpcTestSocketServerProcess(1);
+
+ Parcel p1;
+ p1.markForBinder(proc.rootBinder);
+ p1.writeInt32(3);
+
+ Parcel p2;
+
+ EXPECT_EQ(BAD_TYPE, p1.appendFrom(&p2, 0, p2.dataSize()));
+ EXPECT_EQ(BAD_TYPE, p2.appendFrom(&p1, 0, p1.dataSize()));
+}
+
TEST_P(BinderRpc, UnknownTransaction) {
auto proc = createRpcTestSocketServerProcess(1);
Parcel data;