[automerger] libbinder: readCString: no ubsan sub-overflow am: d0d4b584fc am: a7134ad559 am: 7e71b6ee21 am: 2537a8b5b6 am: 85c1e41520 am: 6658f2faec Change-Id: I2e27412294b25c62ba061d3adba19bae56da03af

commit: a9d88cd6082463a3d06ff55ee57ff0fdb3649530 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed Jun 05 09:56:32 2019 -0700
committer: android-build-merger <android-build-merger@google.com> Wed Jun 05 09:56:32 2019 -0700
tree: d9fa95d419eeaebcd0ba5fa9786cc96f44a6b53e
parent: 9d948679bd9655b93c59666e1bdde2e74158647a [diff]
parent: 6658f2faec45be866495f3f360c7ed761e864ad9 [diff]
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 9d96dd6..ca8277d 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -2013,8 +2013,8 @@
 
 const char* Parcel::readCString() const
 {
-    const size_t avail = mDataSize-mDataPos;
-    if (avail > 0) {
+    if (mDataPos < mDataSize) {
+        const size_t avail = mDataSize-mDataPos;
         const char* str = reinterpret_cast<const char*>(mData+mDataPos);
         // is the string's trailing NUL within the parcel's valid bounds?
         const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));
commit	a9d88cd6082463a3d06ff55ee57ff0fdb3649530	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed Jun 05 09:56:32 2019 -0700
committer	android-build-merger <android-build-merger@google.com>	Wed Jun 05 09:56:32 2019 -0700
tree	d9fa95d419eeaebcd0ba5fa9786cc96f44a6b53e
parent	9d948679bd9655b93c59666e1bdde2e74158647a [diff]
parent	6658f2faec45be866495f3f360c7ed761e864ad9 [diff]