LocationManagerService was serially stuffing the same Location into multiple Intents, which it would immediately hand off to ActivityManagerService, running as a different thread in the same process. LocationManager would continue to work with that Location while ActivityManagerService worked with a Parceled version of it.

However, Location.mExtras is also a Bundle, and both ActivityManagerService and LocationManagerService ended up working with references to the same Bundle. ActivityManagerService needs it in Parceled form (i.e. mParceledData != null), but LocationManagerService was triggering Bundle.unparcel() when referencing the data contained within. As a result, LocationManagerService was able to trigger NPE (or worse) in ActivityManagerService by manipulating the mExtras member of a Location that was in the process of being reported to listeners.

To resolve this issue, I copy-construct a new Location to report to each listener. This should prevent ActivityManagerService and LocationManagerService from referencing the same Bundle data, as Location's copy constructor also copy-constructs the mExtras member, rather than simply sharing references.

Bug: 7518371
Change-Id: I1a92615cba361831494447d5de085a8d910b6b2c
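The aliasing described in the commit message, reduced to a deterministic single-threaded sketch. This is an added example, not code from the commit or from the Android source tree. `FakeBundle` and `FakeLocation` are hypothetical stand-ins for `Bundle` and `Location`, and the sender's read is sequenced before the consumer's forward to stand in for the cross-thread interleaving.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class SharedExtrasDemo {
    // Hypothetical stand-in for Bundle: parcelled bytes until first read, then a map.
    static class FakeBundle {
        byte[] parcelled;          // non-null while still in parcelled form
        Map<String, String> map;   // non-null once unparcelled

        FakeBundle(byte[] parcelled) { this.parcelled = parcelled; }

        FakeBundle(FakeBundle other) {   // copy constructor: no state shared with 'other'
            this.parcelled = other.parcelled == null ? null : other.parcelled.clone();
            this.map = other.map == null ? null : new HashMap<>(other.map);
        }

        String get(String key) {         // reading triggers the lazy unparcel
            if (parcelled != null) {
                map = new HashMap<>();
                map.put("provider", new String(parcelled, StandardCharsets.UTF_8));
                parcelled = null;        // parcelled form is gone for every holder of this object
            }
            return map.get(key);
        }
    }

    // Hypothetical stand-in for Location; its copy constructor also copies the extras.
    static class FakeLocation {
        final FakeBundle extras;
        FakeLocation(FakeBundle extras) { this.extras = extras; }
        FakeLocation(FakeLocation other) {
            this.extras = other.extras == null ? null : new FakeBundle(other.extras);
        }
    }

    // Consumer side: expects the extras to still be in parcelled form.
    static int forward(FakeLocation delivered) {
        return delivered.extras.parcelled.length;   // NPE if someone unparcelled it
    }

    public static void main(String[] args) {
        FakeLocation loc = new FakeLocation(
                new FakeBundle("gps".getBytes(StandardCharsets.UTF_8)));  // constructed sample
        FakeLocation shared = loc;                    // before the fix: same object handed off
        FakeLocation copied = new FakeLocation(loc);  // after the fix: one copy per listener
        loc.extras.get("provider");                   // sender keeps using its own Location
        System.out.println("copy forwarded bytes: " + forward(copied));
        try { forward(shared); }
        catch (NullPointerException e) { System.out.println("shared reference: NPE in consumer"); }
    }
}
```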