commit b9722ade1b81dad881253370d4ffa04e7430968f
author Christopher Tate <ctate@google.com> Wed Feb 17 19:29:18 2016 +0000
committer android-build-merger <android-build-merger@google.com> Wed Feb 17 19:29:18 2016 +0000
tree a612fcdbd9b9531e3f7f21eb48fcae7f7a5d3686
parent 71379b76984508cb7f498cdb9350bba0c18b0340
parent 203bd542df2f74092355b42fbb73fdcd162672ed

Sanity check IMemory access versus underlying mmap am: 94b0d4e3ab am: ef6908e2b3 am: 97f49e50de am: 84f488f354 am: ebdad60d6b am: fc598c54d9
am: f9e5e80bc1

* commit 'f9e5e80bc1fe9255fa65b7185514d86beee5952a':
  Sanity check IMemory access versus underlying mmap

Parcel.cpp

diff --git a/Parcel.cpp b/Parcel.cpp
index 22d7ef3..1429a5c 100644
--- a/Parcel.cpp
+++ b/Parcel.cpp
@@ -17,40 +17,42 @@
 #define LOG_TAG "Parcel"
 //#define LOG_NDEBUG 0
 
-#include <binder/Parcel.h>
+#include <errno.h>
+#include <inttypes.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
-#include <binder/IPCThreadState.h>
 #include <binder/Binder.h>
 #include <binder/BpBinder.h>
+#include <binder/IPCThreadState.h>
+#include <binder/Parcel.h>
 #include <binder/ProcessState.h>
 #include <binder/TextOutput.h>
 
-#include <errno.h>
+#include <cutils/ashmem.h>
 #include <utils/Debug.h>
+#include <utils/Flattenable.h>
 #include <utils/Log.h>
+#include <utils/misc.h>
 #include <utils/String8.h>
 #include <utils/String16.h>
-#include <utils/misc.h>
-#include <utils/Flattenable.h>
-#include <cutils/ashmem.h>
 
 #include <private/binder/binder_module.h>
 #include <private/binder/Static.h>
 
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <sys/mman.h>
-
 #ifndef INT32_MAX
 #define INT32_MAX ((int32_t)(2147483647))
 #endif
 
 #define LOG_REFS(...)
-//#define LOG_REFS(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__)
+//#define LOG_REFS(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__)
 #define LOG_ALLOC(...)
-//#define LOG_ALLOC(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__)
+//#define LOG_ALLOC(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__)
 
 // ---------------------------------------------------------------------------
 
@@ -123,8 +125,10 @@
             return;
         }
         case BINDER_TYPE_FD: {
-            if (obj.cookie != 0) {
-                if (outAshmemSize != NULL) {
+            if ((obj.cookie != 0) && (outAshmemSize != NULL)) {
+                struct stat st;
+                int ret = fstat(obj.handle, &st);
+                if (!ret && S_ISCHR(st.st_mode)) {
                     // If we own an ashmem fd, keep track of how much memory it refers to.
                     int size = ashmem_get_size_region(obj.handle);
                     if (size > 0) {
@@ -173,15 +177,19 @@
             return;
         }
         case BINDER_TYPE_FD: {
-            if (outAshmemSize != NULL) {
-                if (obj.cookie != 0) {
-                    int size = ashmem_get_size_region(obj.handle);
-                    if (size > 0) {
-                        *outAshmemSize -= size;
+            if (obj.cookie != 0) { // owned
+                if (outAshmemSize != NULL) {
+                    struct stat st;
+                    int ret = fstat(obj.handle, &st);
+                    if (!ret && S_ISCHR(st.st_mode)) {
+                        int size = ashmem_get_size_region(obj.handle);
+                        if (size > 0) {
+                            *outAshmemSize -= size;
+                        }
                     }
-
-                    close(obj.handle);
                 }
+
+                close(obj.handle);
             }
             return;
         }