commit c65de59762cfc284bd203d97281f5a8f86aba877
author Michael Wachenschwanz <mwachens@google.com> Mon May 08 14:26:41 2017 -0700
committer Michael Wachenschwanz <mwachens@google.com> Wed May 10 11:43:24 2017 -0700
tree 3db1e2882c3fc5d6ba81d674ef176893b7d4ca75
parent 8d320dfc21dcbc25d25b0adc4efb5517e5907a3e

Logging for catching memory issue in Parcel

Added a check to catch a bug that is suspected to lead to a segfault
during GC. Actual fix for the bug is commented and will be checked in
once the flow that is hitting the bug is uncoverered

Bug: 37298089
Test: manual

Change-Id: I68dea02566a9e9375e3a09d4cc19e39379d84747
Signed-off-by: Michael Wachenschwanz <mwachens@google.com>

libs/binder/Parcel.cpp

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 39bb078..254f4d5 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2540,8 +2540,16 @@
             objectsSize = 0;
         } else {
             while (objectsSize > 0) {
-                if (mObjects[objectsSize-1] < desired)
+                if (mObjects[objectsSize-1] < desired) {
+                    // Check for an object being sliced
+                    if (desired < mObjects[objectsSize-1] + sizeof(flat_binder_object)) {
+                        ALOGE("Attempt to shrink Parcel would slice an objects allocated memory");
+                        return UNKNOWN_ERROR + 0xBADF10;
+                    }
                     break;
+                }
+                // STOPSHIP: Above code to be replaced with following commented code:
+                // if (mObjects[objectsSize-1] + sizeof(flat_binder_object) <= desired) break;
                 objectsSize--;
             }
         }