Free mObjects if no objects left to realloc on resize Fixes: 134168436 Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710

commit: 6af27a83256e676da6f9c02921ef9dfeffc8c52d [log] [tgz]
author: Michael Wachenschwanz <mwachens@google.com> Mon Jun 03 17:24:51 2019 -0700
committer: Michael Wachenschwanz <mwachens@google.com> Mon Jun 03 17:26:20 2019 -0700
tree: e7b98fdf5cbc82ca12aab290960d1f8a700f417e
parent: 0683fe791e810d576584fab816f99eac51f9cff7 [diff] [blame]
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 5427ff8..d5cdf07 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -2835,10 +2835,16 @@
                 }
                 release_object(proc, *flat, this, &mOpenAshmemSize);
             }
-            binder_size_t* objects =
-                (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
-            if (objects) {
-                mObjects = objects;
+
+            if (objectsSize == 0) {
+                free(mObjects);
+                mObjects = nullptr;
+            } else {
+                binder_size_t* objects =
+                    (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
+                if (objects) {
+                    mObjects = objects;
+                }
             }
             mObjectsSize = objectsSize;
             mNextObjectHint = 0;
commit	6af27a83256e676da6f9c02921ef9dfeffc8c52d	[log] [tgz]
author	Michael Wachenschwanz <mwachens@google.com>	Mon Jun 03 17:24:51 2019 -0700
committer	Michael Wachenschwanz <mwachens@google.com>	Mon Jun 03 17:26:20 2019 -0700
tree	e7b98fdf5cbc82ca12aab290960d1f8a700f417e
parent	0683fe791e810d576584fab816f99eac51f9cff7 [diff] [blame]