Add earlier CHECK in hidl_string
hidl_string needs to be zero-terminated so that
the kernel can make a copy with it and have it
safely copied over to the the other process (and
that process can use c_str safely).
Right now, this CHECK is in parceling code for
hidl_string, but moving it to setToExternal
and adding additional documentation for clarity.
Bug: N/A
Test: TH
Change-Id: I1e5f338baa5757ec541e0c54f89f64df0a9c9d61
diff --git a/base/HidlSupport.cpp b/base/HidlSupport.cpp
index 8f3c057..a69faa2 100644
--- a/base/HidlSupport.cpp
+++ b/base/HidlSupport.cpp
@@ -254,6 +254,14 @@
if (size > UINT32_MAX) {
LOG(FATAL) << "string size can't exceed 2^32 bytes: " << size;
}
+
+ // When the binder driver copies this data into its buffer, it must
+ // have a zero byte there because the remote process will have a pointer
+ // directly into the read-only binder buffer. If we manually copy the
+ // data now to add a zero, then we lose the efficiency of this method.
+ // Checking here (it's also checked in the parceling code later).
+ CHECK(data[size] == '\0');
+
clear();
mBuffer = data;
diff --git a/base/include/hidl/HidlSupport.h b/base/include/hidl/HidlSupport.h
index f09eb63..d1221fe 100644
--- a/base/include/hidl/HidlSupport.h
+++ b/base/include/hidl/HidlSupport.h
@@ -155,6 +155,8 @@
// Reference an external char array. Ownership is _not_ transferred.
// Caller is responsible for ensuring that underlying memory is valid
// for the lifetime of this hidl_string.
+ //
+ // size == strlen(data)
void setToExternal(const char *data, size_t size);
// offsetof(hidl_string, mBuffer) exposed since mBuffer is private.
