commit 569c3023f839bca077cd3cccef0a3bef9c31af63
author Hani Kazmi <hanikazmi@google.com> Tue Sep 27 10:19:45 2022 +0000
committer Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Sat Oct 08 00:10:19 2022 +0000
tree b3ce1611ed2d9b0ef06ff239da4dbdab415837d8
parent 1e41d33566f84f624f6a755e4493432d5bd82915

Update Parcel readLazyValue to ignore negative object lengths

Addresses a security vulnerability where a (-8) length object would
cause dataPosition to be reset back to the statt of the value, and be
re-read again.

Bug: 240138294
Test: atest ParcelTest BundleTest AmbiguousBundlesTest
Test: manually ran PoC
Change-Id: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
(cherry picked from commit 8e01230dd264d652c6f4c82d850da5afc4768bdc)
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4