Merge "Work on issue #17656716: Unhandled exception in Window Manager" into lmp-dev
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index ba71605..362afba 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -17,6 +17,7 @@
package android.os;
import android.util.Log;
+import android.util.Slog;
import com.android.internal.util.FastPrintWriter;
import java.io.FileDescriptor;
@@ -48,7 +49,7 @@
* of classes can potentially create leaks.
*/
private static final boolean FIND_POTENTIAL_LEAKS = false;
- private static final String TAG = "Binder";
+ static final String TAG = "Binder";
/**
* Control whether dump() calls are allowed.
@@ -385,7 +386,14 @@
super.finalize();
}
}
-
+
+ static void checkParcel(Parcel parcel, String msg) {
+ if (parcel.dataSize() >= 800*1024) {
+ // Trying to send > 800k, this is way too much
+ Slog.wtfStack(TAG, msg + parcel.dataSize());
+ }
+ }
+
private native final void init();
private native final void destroy();
@@ -424,6 +432,7 @@
reply.writeException(re);
res = true;
}
+ checkParcel(reply, "Unreasonably large binder reply buffer: ");
reply.recycle();
data.recycle();
return res;
@@ -433,13 +442,18 @@
final class BinderProxy implements IBinder {
public native boolean pingBinder();
public native boolean isBinderAlive();
-
+
public IInterface queryLocalInterface(String descriptor) {
return null;
}
-
+
+ public boolean transact(int code, Parcel data, Parcel reply, int flags) throws RemoteException {
+ Binder.checkParcel(data, "Unreasonably large binder buffer: ");
+ return transactNative(code, data, reply, flags);
+ }
+
public native String getInterfaceDescriptor() throws RemoteException;
- public native boolean transact(int code, Parcel data, Parcel reply,
+ public native boolean transactNative(int code, Parcel data, Parcel reply,
int flags) throws RemoteException;
public native void linkToDeath(DeathRecipient recipient, int flags)
throws RemoteException;
diff --git a/core/jni/android_util_Binder.cpp b/core/jni/android_util_Binder.cpp
index 81e887d..2dbd382 100644
--- a/core/jni/android_util_Binder.cpp
+++ b/core/jni/android_util_Binder.cpp
@@ -1239,7 +1239,7 @@
{"pingBinder", "()Z", (void*)android_os_BinderProxy_pingBinder},
{"isBinderAlive", "()Z", (void*)android_os_BinderProxy_isBinderAlive},
{"getInterfaceDescriptor", "()Ljava/lang/String;", (void*)android_os_BinderProxy_getInterfaceDescriptor},
- {"transact", "(ILandroid/os/Parcel;Landroid/os/Parcel;I)Z", (void*)android_os_BinderProxy_transact},
+ {"transactNative", "(ILandroid/os/Parcel;Landroid/os/Parcel;I)Z", (void*)android_os_BinderProxy_transact},
{"linkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)V", (void*)android_os_BinderProxy_linkToDeath},
{"unlinkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)Z", (void*)android_os_BinderProxy_unlinkToDeath},
{"destroy", "()V", (void*)android_os_BinderProxy_destroy},