case SET_TRANSACTION_STATE: {
CHECK_INTERFACE(ISurfaceComposer, data, reply);
size_t count = data.readInt32();
+ if (count > data.dataSize()) {
+ return BAD_VALUE;
+ }
ComposerState s;
Vector<ComposerState> state;
state.setCapacity(count);
for (size_t i=0 ; i<count ; i++) {
- s.read(data);
+ if (s.read(data) == BAD_VALUE) {
+ return BAD_VALUE;
+ }
state.add(s);
}
count = data.readInt32();
+ if (count > data.dataSize()) {
+ return BAD_VALUE;
+ }
DisplayState d;
Vector<DisplayState> displays;
displays.setCapacity(count);
for (size_t i=0 ; i<count ; i++) {
- d.read(data);
+ if (d.read(data) == BAD_VALUE) {
+ return BAD_VALUE;
+ }
displays.add(d);
}
uint32_t flags = data.readInt32();
alpha = input.readFloat();
flags = input.readInt32();
mask = input.readInt32();
- matrix = *reinterpret_cast<layer_state_t::matrix22_t const *>(
- input.readInplace(sizeof(layer_state_t::matrix22_t)));
+ const void* matrix_data = input.readInplace(sizeof(layer_state_t::matrix22_t));
+ if (matrix_data) {
+ matrix = *reinterpret_cast<layer_state_t::matrix22_t const *>(matrix_data);
+ } else {
+ return BAD_VALUE;
+ }
input.read(crop);
input.read(transparentRegion);
return NO_ERROR;
OSDN Git Service
