Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 939739b86288069814cf73b37133119983779278^1..939739b86288069814cf73b37133119983779278 / .
commit939739b86288069814cf73b37133119983779278[log] [tgz]
authorSteven Moreland <smoreland@google.com>Wed Nov 18 18:23:20 2020 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Wed Nov 18 18:23:20 2020 +0000
tree39769d3af2791cf96bef9c618077923462c79e0e
parent71bc431d6fff9718c35a1c3c4b5bb2a3ea541784 [diff]
parent8f39fa0d3bc3c6f22934d5c97bf010c375e2ea43 [diff]
Merge changes I72ccc98d,Ie8791125

* changes:
  libbinder: binderParcelTest: read string needs \0
  libbinder: check null bytes in readString*Inplace

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index b1b2aa0..0377075 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -2056,7 +2056,7 @@
     if (size >= 0 && size < INT32_MAX) {
         *outLen = size;
         const char* str = (const char*)readInplace(size+1);
-        if (str != nullptr) {
+        if (str != nullptr && str[size] == '\0') {
             return str;
         }
     }
@@ -2139,7 +2139,7 @@
     if (size >= 0 && size < INT32_MAX) {
         *outLen = size;
         const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t));
-        if (str != nullptr) {
+        if (str != nullptr && str[size] == u'\0') {
             return str;
         }
     }

diff --git a/libs/binder/tests/binderParcelTest.cpp b/libs/binder/tests/binderParcelTest.cpp
index 1764228..841d47b 100644
--- a/libs/binder/tests/binderParcelTest.cpp
+++ b/libs/binder/tests/binderParcelTest.cpp

@@ -25,6 +25,40 @@
 using android::String8;
 using android::status_t;
 
+TEST(Parcel, NonNullTerminatedString8) {
+    String8 kTestString = String8("test-is-good");
+
+    // write non-null terminated string
+    Parcel p;
+    p.writeString8(kTestString);
+    p.setDataPosition(0);
+    // BAD! assumption of wire format for test
+    // write over length of string
+    p.writeInt32(kTestString.size() - 2);
+
+    p.setDataPosition(0);
+    String8 output;
+    EXPECT_NE(OK, p.readString8(&output));
+    EXPECT_EQ(output.size(), 0);
+}
+
+TEST(Parcel, NonNullTerminatedString16) {
+    String16 kTestString = String16("test-is-good");
+
+    // write non-null terminated string
+    Parcel p;
+    p.writeString16(kTestString);
+    p.setDataPosition(0);
+    // BAD! assumption of wire format for test
+    // write over length of string
+    p.writeInt32(kTestString.size() - 2);
+
+    p.setDataPosition(0);
+    String16 output;
+    EXPECT_NE(OK, p.readString16(&output));
+    EXPECT_EQ(output.size(), 0);
+}
+
 // Tests a second operation results in a parcel at the same location as it
 // started.
 void parcelOpSameLength(const std::function<void(Parcel*)>& a, const std::function<void(Parcel*)>& b) {