libbinder: added enforceNoDataAvail()
enforceNoDataAvail() verifies that there's no bytes left to be read on
the Parcel.
Bug: 208509444
Test: atest binderUnitTest
Test: binder_parcel_fuzzer
Change-Id: I469c8778fa54f3db27f00a9df8db668a0c4c76bc
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 7027a4b..6fb189c 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -739,6 +739,17 @@
}
}
+binder::Status Parcel::enforceNoDataAvail() const {
+ const auto n = dataAvail();
+ if (n == 0) {
+ return binder::Status::ok();
+ }
+ return binder::Status::
+ fromExceptionCode(binder::Status::Exception::EX_BAD_PARCELABLE,
+ String8::format("Parcel data not fully consumed, unread size: %zu",
+ n));
+}
+
size_t Parcel::objectsCount() const
{
return mObjectsSize;
diff --git a/libs/binder/include/binder/Parcel.h b/libs/binder/include/binder/Parcel.h
index 8dbdc1d..450e388 100644
--- a/libs/binder/include/binder/Parcel.h
+++ b/libs/binder/include/binder/Parcel.h
@@ -54,6 +54,9 @@
class RpcSession;
class String8;
class TextOutput;
+namespace binder {
+class Status;
+}
class Parcel {
friend class IPCThreadState;
@@ -131,6 +134,10 @@
IPCThreadState* threadState = nullptr) const;
bool checkInterface(IBinder*) const;
+ // Verify there are no bytes left to be read on the Parcel.
+ // Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed.
+ binder::Status enforceNoDataAvail() const;
+
void freeData();
size_t objectsCount() const;
diff --git a/libs/binder/tests/binderParcelUnitTest.cpp b/libs/binder/tests/binderParcelUnitTest.cpp
index 4950b23..aee15d8 100644
--- a/libs/binder/tests/binderParcelUnitTest.cpp
+++ b/libs/binder/tests/binderParcelUnitTest.cpp
@@ -16,15 +16,17 @@
#include <binder/IPCThreadState.h>
#include <binder/Parcel.h>
+#include <binder/Status.h>
#include <cutils/ashmem.h>
#include <gtest/gtest.h>
using android::IPCThreadState;
using android::OK;
using android::Parcel;
+using android::status_t;
using android::String16;
using android::String8;
-using android::status_t;
+using android::binder::Status;
TEST(Parcel, NonNullTerminatedString8) {
String8 kTestString = String8("test-is-good");
@@ -60,6 +62,19 @@
EXPECT_EQ(output.size(), 0);
}
+TEST(Parcel, EnforceNoDataAvail) {
+ const int32_t kTestInt = 42;
+ const String8 kTestString = String8("test-is-good");
+ Parcel p;
+ p.writeInt32(kTestInt);
+ p.writeString8(kTestString);
+ p.setDataPosition(0);
+ EXPECT_EQ(kTestInt, p.readInt32());
+ EXPECT_EQ(p.enforceNoDataAvail().exceptionCode(), Status::Exception::EX_BAD_PARCELABLE);
+ EXPECT_EQ(kTestString, p.readString8());
+ EXPECT_EQ(p.enforceNoDataAvail().exceptionCode(), Status::Exception::EX_NONE);
+}
+
// Tests a second operation results in a parcel at the same location as it
// started.
void parcelOpSameLength(const std::function<void(Parcel*)>& a, const std::function<void(Parcel*)>& b) {
diff --git a/libs/binder/tests/parcel_fuzzer/binder.cpp b/libs/binder/tests/parcel_fuzzer/binder.cpp
index 077d915..13f7195 100644
--- a/libs/binder/tests/parcel_fuzzer/binder.cpp
+++ b/libs/binder/tests/parcel_fuzzer/binder.cpp
@@ -22,6 +22,7 @@
#include <android/os/IServiceManager.h>
#include <binder/ParcelableHolder.h>
#include <binder/PersistableBundle.h>
+#include <binder/Status.h>
using ::android::status_t;
using ::android::base::HexString;
@@ -100,6 +101,7 @@
PARCEL_READ_NO_STATUS(size_t, dataAvail),
PARCEL_READ_NO_STATUS(size_t, dataPosition),
PARCEL_READ_NO_STATUS(size_t, dataCapacity),
+ PARCEL_READ_NO_STATUS(::android::binder::Status, enforceNoDataAvail),
[] (const ::android::Parcel& p, uint8_t pos) {
FUZZ_LOG() << "about to setDataPosition: " << pos;
p.setDataPosition(pos);