Don't pad before calling writeInPlace(). writeInplace() itself already pads securely, by masking off the padded bytes. If the padding is done before calling writeInplace(), no mask is applied, and heap data can leak. Bug: 77237570 Test: builds Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44

commit: f8542381b72a7bb2452a5278a00ca8c34edbf8a0 [log] [tgz]
author: Martijn Coenen <maco@google.com> Wed Apr 04 11:46:56 2018 +0200
committer: Martijn Coenen <maco@google.com> Wed Apr 04 09:51:30 2018 +0000
tree: e048f1bd620897fd7a8d98642a945afd5137abd1
parent: fa851800cf97d1a3d30a7a147877005dc48721ff [diff] [blame]
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index f739f07..2d196c1 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -1276,7 +1276,7 @@
     if (err) return err;
 
     // payload
-    void* const buf = this->writeInplace(pad_size(len));
+    void* const buf = this->writeInplace(len);
     if (buf == NULL)
         return BAD_VALUE;
commit	f8542381b72a7bb2452a5278a00ca8c34edbf8a0	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Wed Apr 04 11:46:56 2018 +0200
committer	Martijn Coenen <maco@google.com>	Wed Apr 04 09:51:30 2018 +0000
tree	e048f1bd620897fd7a8d98642a945afd5137abd1
parent	fa851800cf97d1a3d30a7a147877005dc48721ff [diff] [blame]