libbinder: simplify setIpcSetDataReference
This deduplicates part of 'freeInit', so that if a reply parcel is
re-used by a client, its previous state may leak into the next step.
Client code essentially look like this:
Parcel reply;
...->transact(..., &reply, ...);
// inside this call, in waitForResponse
reply->ipcSetDataReference(...);
However, if multiple transact calls are sent, then other data in Parcel
might be undesirably mutated. Specifically, any field of Parcel which is
currently not set here. However, when receiving a reply from another
process, we want it in a very particular state (and any options on that
Parcel which we want to set on that Parcel should be set by libbinder
itself, if there are every any).
Bug: 167966510
Test: boot & test mapping tests here
Change-Id: Ib834b94c78ac4f481eba280dcec150f53127ce3e
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 6f26539..b891cdb 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2503,19 +2503,15 @@
void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,
const binder_size_t* objects, size_t objectsCount, release_func relFunc)
{
- binder_size_t minOffset = 0;
- freeDataNoInit();
- mError = NO_ERROR;
+ freeData();
+
mData = const_cast<uint8_t*>(data);
mDataSize = mDataCapacity = dataSize;
- //ALOGI("setDataReference Setting data size of %p to %lu (pid=%d)", this, mDataSize, getpid());
- mDataPos = 0;
- ALOGV("setDataReference Setting data pos of %p to %zu", this, mDataPos);
mObjects = const_cast<binder_size_t*>(objects);
mObjectsSize = mObjectsCapacity = objectsCount;
- mNextObjectHint = 0;
- mObjectsSorted = false;
mOwner = relFunc;
+
+ binder_size_t minOffset = 0;
for (size_t i = 0; i < mObjectsSize; i++) {
binder_size_t offset = mObjects[i];
if (offset < minOffset) {