Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1619ed4706a0bf906d967ab7987cd4c475ac3462
commit1619ed4706a0bf906d967ab7987cd4c475ac3462[log] [tgz]
authorAdam Lesinski <adamlesinski@google.com>Tue Sep 22 13:02:09 2015 -0700
committerNick Kralevich <nnk@google.com>Thu Oct 01 20:48:23 2015 +0000
tree687e37b2d769b27cc4432e253d877ef585cc87d3
parent3089211ce6c279f92cb3ff8ce4137d322ce1ec97 [diff]
Fix security issues when using Parcel.setDataPosition() with untrusted input

When seeking forward in the Parcel, adding the extracted size to the Parcel.dataPosition()
can result in an overflow. Guard against this.

Bug:23909429
Change-Id: If37cdebbf05a92810300363d1a6ecd8b42b6da26
4 files changed
tree: 687e37b2d769b27cc4432e253d877ef585cc87d3
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. rs/
  19. samples/
  20. sax/
  21. services/
  22. telecomm/
  23. telephony/
  24. test-runner/
  25. tests/
  26. tools/
  27. wifi/
  28. Android.mk
  29. CleanSpec.mk
  30. MODULE_LICENSE_APACHE2
  31. NOTICE
  32. preloaded-classes