Clear the Parcel before writing an exception during a transaction This prevents any object data from being accidentally overwritten by the exception, which could cause unexpected malformed objects to be sent across the transaction. Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject Bug: 34175893 Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013 Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013 (cherry picked from commit f8ef5bcf21c87d8617f5e11810cc94350298d114)

commit: b8b11c7913dd2587187176568a87d3c0642c1c38 [log] [tgz]
author: Michael Wachenschwanz <mwachens@google.com> Wed May 15 22:58:15 2019 -0700
committer: Nikoli Cartagena <dargeren@google.com> Mon Jun 10 14:52:34 2019 -0700
tree: 1e7abbcac4aff2d92468d61ff2485cfb1530b765
parent: 331c07f85a7e7ad538afa6c13f1e5b68337f8f5a [diff]
diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index ff0bc69..b9e2119 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java

@@ -683,6 +683,8 @@
                     Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
                 }
             } else {
+                // Clear the parcel before writing the exception
+                reply.setDataSize(0);
                 reply.setDataPosition(0);
                 reply.writeException(e);
             }
commit	b8b11c7913dd2587187176568a87d3c0642c1c38	[log] [tgz]
author	Michael Wachenschwanz <mwachens@google.com>	Wed May 15 22:58:15 2019 -0700
committer	Nikoli Cartagena <dargeren@google.com>	Mon Jun 10 14:52:34 2019 -0700
tree	1e7abbcac4aff2d92468d61ff2485cfb1530b765
parent	331c07f85a7e7ad538afa6c13f1e5b68337f8f5a [diff]