Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 7e71b6ee21b4b13b3aa3c9296a4aee460852b426^1..7e71b6ee21b4b13b3aa3c9296a4aee460852b426 / .
commit7e71b6ee21b4b13b3aa3c9296a4aee460852b426[log] [tgz]
authorAndroid Build Merger (Role) <noreply-android-build-merger@google.com>Wed Jun 05 01:50:11 2019 +0000
committerAndroid Build Merger (Role) <noreply-android-build-merger@google.com>Wed Jun 05 01:50:11 2019 +0000
tree805d2b19fc2c1cf99b91dae96571d7f6ae4fe191
parent0e9e9b09701897959e004c689574e173cf70dab4 [diff]
parenta7134ad55996ef21ee56e4c80328406362360021 [diff]
[automerger] libbinder: readCString: no ubsan sub-overflow am: d0d4b584fc am: a7134ad559

Change-Id: I91c2b9da15577f0ba59c3e38c649bb865a2d3106

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index e5a34c2..e9c26ea 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -1907,8 +1907,8 @@
 
 const char* Parcel::readCString() const
 {
-    const size_t avail = mDataSize-mDataPos;
-    if (avail > 0) {
+    if (mDataPos < mDataSize) {
+        const size_t avail = mDataSize-mDataPos;
         const char* str = reinterpret_cast<const char*>(mData+mDataPos);
         // is the string's trailing NUL within the parcel's valid bounds?
         const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));