commit a4198301d7eb7dcdc0e5319aeea72498a29c4c48
author George Burgess IV <gbiv@google.com> Mon Jul 19 07:31:21 2021 +0000
committer George Burgess IV <gbiv@google.com> Mon Jul 19 07:33:50 2021 +0000
tree 989c69082688a4e252fdbd65aabdc58cd8b88c4a
parent 9f0e60e62fa4d8b163ead39768338c0a5507880c

binder: don't dereference NULL

Simply forming a reference to NULL results in undefined behavior
regardless of how the reference is used. Since `outPollFd` and
`errPollFd` are potentially NULL, we should pass them as pointers here.

Caught by clang's static analyzer:
> frameworks/native/libs/binder/UtilsHost.cpp:145:14: warning: Forming
reference to null pointer [clang-analyzer-core.NonNullParamChecker]
> frameworks/native/libs/binder/UtilsHost.cpp:147:14: warning: Forming
reference to null pointer [clang-analyzer-core.NonNullParamChecker]

Bug: None
Test: TreeHugger

Change-Id: Idf8c8291bde0ce0624085afd143096c357246673

libs/binder/UtilsHost.cpp

diff --git a/libs/binder/UtilsHost.cpp b/libs/binder/UtilsHost.cpp
index e524dab..d121ce2 100644
--- a/libs/binder/UtilsHost.cpp
+++ b/libs/binder/UtilsHost.cpp
@@ -111,15 +111,15 @@
     errWrite.reset();
     ret.pid = pid;
 
-    auto handlePoll = [](android::base::unique_fd* fd, const pollfd& pfd, std::string* s) {
+    auto handlePoll = [](android::base::unique_fd* fd, const pollfd* pfd, std::string* s) {
         if (!fd->ok()) return true;
-        if (pfd.revents & POLLIN) {
+        if (pfd->revents & POLLIN) {
             char buf[1024];
             ssize_t n = TEMP_FAILURE_RETRY(read(fd->get(), buf, sizeof(buf)));
             if (n < 0) return false;
             if (n > 0) *s += std::string_view(buf, n);
         }
-        if (pfd.revents & POLLHUP) {
+        if (pfd->revents & POLLHUP) {
             fd->reset();
         }
         return true;
@@ -142,9 +142,9 @@
         int pollRet = poll(fds, nfds, 1000 /* ms timeout */);
         if (pollRet == -1) return android::base::ErrnoError() << "poll()";
 
-        if (!handlePoll(&ret.outPipe, *outPollFd, &ret.stdout))
+        if (!handlePoll(&ret.outPipe, outPollFd, &ret.stdout))
             return android::base::ErrnoError() << "read(stdout)";
-        if (!handlePoll(&ret.errPipe, *errPollFd, &ret.stderr))
+        if (!handlePoll(&ret.errPipe, errPollFd, &ret.stderr))
             return android::base::ErrnoError() << "read(stderr)";
 
         if (end && end(ret)) return ret;