Make MemoryDealer::deallocate private
MemoryDealer::allocate returns Allocation objects, whose
destructors call MemoryDealer::deallocate. Any direct call to
MemoryDealer::deallocate will lead to a double deallocate.
This method is currently not used anywhere; however, leaving it
public could introduce future bugs.
- We make the method private so only Allocation can call it.
- Remove deallocate from fuzzing test.
Test: Compiles.
Bug: 201562507
Change-Id: I3fc4b1a2c30fe9aebf0e22fa5a4547f9940d1427
diff --git a/libs/binder/include/binder/MemoryDealer.h b/libs/binder/include/binder/MemoryDealer.h
index e727772..3f7dd11 100644
--- a/libs/binder/include/binder/MemoryDealer.h
+++ b/libs/binder/include/binder/MemoryDealer.h
@@ -36,7 +36,6 @@
uint32_t flags = 0 /* or bits such as MemoryHeapBase::READ_ONLY */ );
virtual sp<IMemory> allocate(size_t size);
- virtual void deallocate(size_t offset);
virtual void dump(const char* what) const;
// allocations are aligned to some value. return that value so clients can account for it.
@@ -48,6 +47,8 @@
virtual ~MemoryDealer();
private:
+ friend class Allocation;
+ virtual void deallocate(size_t offset);
const sp<IMemoryHeap>& heap() const;
SimpleBestFitAllocator* allocator() const;
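Review bot: The re-declared `deallocate` in the private section carries no comment recording the invariant the access change is meant to enforce, so a later edit could move it back to public without noticing; add something like `// Called only from Allocation's destructor; calling it again for the same offset is a double deallocate.` above it. The declaration also keeps `virtual`, so a subclass of MemoryDealer can still override it and Allocation's destructor would dispatch to that override; if no override is intended (not visible from this hunk), say so in the comment or drop `virtual`. `friend class Allocation;` grants Allocation access to every private member, including `heap()` and `allocator()`, not only `deallocate`, which is wider than the commit message describes. The class body starts and ends outside the hunk.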
diff --git a/libs/binder/tests/unit_fuzzers/MemoryDealerFuzz.cpp b/libs/binder/tests/unit_fuzzers/MemoryDealerFuzz.cpp
index f9dda8c..f5e3af5 100644
--- a/libs/binder/tests/unit_fuzzers/MemoryDealerFuzz.cpp
+++ b/libs/binder/tests/unit_fuzzers/MemoryDealerFuzz.cpp
@@ -46,15 +46,6 @@
[&]() -> void { dealer->getAllocationAlignment(); },
[&]() -> void { dealer->getMemoryHeap(); },
[&]() -> void {
- size_t offset = fdp.ConsumeIntegral<size_t>();
-
- // Offset has already been freed, so return instead.
- if (free_list.find(offset) != free_list.end()) return;
-
- dealer->deallocate(offset);
- free_list.insert(offset);
- },
- [&]() -> void {
std::string randString = fdp.ConsumeRandomLengthString(fdp.remaining_bytes());
dealer->dump(randString.c_str());
},