authorSteven Moreland <smoreland@google.com>2021-01-15 22:13:50 +0000
committerSteven Moreland <smoreland@google.com>2021-01-15 22:17:29 +0000
commit6ca117bdeae581b19d898f99c74ce54e66a8f46c (patch)
tree21cd18c92da83b15eaca2566175ba650d5dd2642 /core/jni
parent59df97be63448e7c4cd540704c03eeddc075cac0 (diff)
HwBlob: explicit size check
It was noticed in the course of a related issue that the wrong type is passed over the JNI boundary here (relies on specific ABI). Bug: 177497444 Test: boot + 'atest hidl_test_java' Change-Id: I1fd55d450775f9ca8075fbd62fbafb3f16c569f0
Diffstat (limited to 'core/jni')
-rw-r--r--core/jni/android_os_HwBlob.cpp12
1 files changed, 11 insertions, 1 deletions
diff --git a/core/jni/android_os_HwBlob.cpp b/core/jni/android_os_HwBlob.cpp
index 0fb29111d043..a9db91be1d5b 100644
--- a/core/jni/android_os_HwBlob.cpp
+++ b/core/jni/android_os_HwBlob.cpp
@@ -257,7 +257,17 @@ jobject JHwBlob::NewObject(JNIEnv *env, size_t size) {
// XXX Again cannot refer to gFields.constructID because InitClass may
// not have been called yet.
- return env->NewObject(clazz.get(), constructID, size);
+ // Cases:
+ // - this originates from another process (something so large should not fit
+ // in the binder buffer, and it should be rejected by the binder driver)
+ // - if this is used in process, this code makes too many heap copies (in
+ // order to retrofit HIDL's scatter-gather format to java types) to
+ // justify passing such a large amount of data over this path. So the
+ // alternative (updating the constructor and other code to accept other
+ // types, should also probably not be taken in this case).
+ CHECK_LE(size, std::numeric_limits<jint>::max());
+
+ return env->NewObject(clazz.get(), constructID, static_cast<jint>(size));
}
} // namespace android
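Review bot: The added `CHECK_LE(size, std::numeric_limits<jint>::max());` compares a `size_t` with a signed `jint` limit and aborts the whole process when it fails. The mixed-sign comparison gives the right answer only because the limit is positive, so an explicit cast states the intent and avoids a sign-compare warning: `CHECK_LE(size, static_cast<size_t>(std::numeric_limits<jint>::max()));`. The include block is outside the hunk, so `<limits>` should be confirmed as included directly. The comment's first case is a size that originates from another process, so it is worth saying in that comment that a fatal abort is the intended outcome; if a peer-controlled length could reach this line despite the binder buffer limit, throwing a Java exception and returning `nullptr` would keep a malformed transaction from taking down the receiving process. `JHwBlob::NewObject` starts above the hunk, so how `clazz` and `constructID` are obtained and checked is not visible here.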