Clear the Parcel before writing an exception during a transaction

This prevents any object data from being accidentally overwritten by the exception, which could cause unexpected malformed objects to be sent across the transaction. Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject Bug: 34175893 Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013 Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
2019-05-15 22:58:15 -07:00
parent fe9f143d2c
commit f8ef5bcf21
1 changed files with 2 additions and 0 deletions
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -574,6 +574,8 @@ public class Binder implements IBinder {
                    Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
                }
            } else {
+                // Clear the parcel before writing the exception
+                reply.setDataSize(0);
                reply.setDataPosition(0);
                reply.writeException(e);
            }