Fix a major bug in Bundle when unparcelling from AIDL.
There was a serious problem in the Bundle(Parcel) and readFromParcel() methods,
where it wasn't doing the copying of the Parcel that Parcel.readBundle() does
and is a basic requirement for it to work correctly.
This re-arranges the code to make all of these functions (hopefully) correct.
Also fix a problem in Parcel where we were not duping fds when copying data from
one Parcel to another.
diff --git a/libs/utils/Parcel.cpp b/libs/utils/Parcel.cpp
index e74ad4a..b0e3750 100644
--- a/libs/utils/Parcel.cpp
+++ b/libs/utils/Parcel.cpp
@@ -409,12 +409,16 @@
mObjects[idx++] = off;
mObjectsSize++;
- const flat_binder_object* flat
+ flat_binder_object* flat
= reinterpret_cast<flat_binder_object*>(mData + off);
acquire_object(proc, *flat, this);
- // take note if the object is a file descriptor
if (flat->type == BINDER_TYPE_FD) {
+ // If this is a file descriptor, we need to dup it so the
+ // new Parcel now owns its own fd, and can declare that we
+ // officially know we have fds.
+ flat->handle = dup(flat->handle);
+ flat->cookie = (void*)1;
mHasFds = mFdsKnown = true;
}
}