OSDN Git Service
(root)
/
android-x86
/
frameworks-native.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
a1952f0
)
Region: Detect malicious overflow in unflatten
author
Pablo Ceballos
<pceballos@google.com>
Wed, 13 Jul 2016 21:11:57 +0000
(14:11 -0700)
committer
Pablo Ceballos
<pceballos@google.com>
Thu, 14 Jul 2016 14:05:19 +0000
(14:05 +0000)
Bug
29983260
Change-Id: Ib6e1cb8ae279010c5e9960aaa03513f55b7d873b
libs/ui/Region.cpp
patch
|
blob
|
history
diff --git
a/libs/ui/Region.cpp
b/libs/ui/Region.cpp
index
3810da4
..
cfed7a9
100644
(file)
--- a/
libs/ui/Region.cpp
+++ b/
libs/ui/Region.cpp
@@
-795,6
+795,11
@@
status_t Region::unflatten(void const* buffer, size_t size) {
return NO_MEMORY;
}
+ if (numRects > (UINT32_MAX / sizeof(Rect))) {
+ android_errorWriteWithInfoLog(0x534e4554, "29983260", -1, NULL, 0);
+ return NO_MEMORY;
+ }
+
Region result;
result.mStorage.clear();
for (size_t r = 0; r < numRects; ++r) {
OSDN Git Service
