From: Michael Lentine
Date: Thu, 19 Feb 2015 00:32:42 +0000 (+0000)
Subject: am dc2d031a: am da9fd70d: am 2758eb2e: am fde92eb0: Update maxNumber to be smaller.
X-Git-Tag: android-x86-6.0-r1~270^2^2^2
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=3c0272ba8fbb98b5f1d45c52b1ae5292a8978e7d;p=android-x86%2Fframeworks-native.git
am dc2d031a: am da9fd70d: am 2758eb2e: am fde92eb0: Update maxNumber to be smaller.
* commit 'dc2d031a7ee05725ad3d8cab4887d6c7a4063967': Update maxNumber to be smaller.
---
3c0272ba8fbb98b5f1d45c52b1ae5292a8978e7d
diff --cc libs/ui/GraphicBuffer.cpp
index e768f13cf4,6c8272dbee..3ae88408d6
--- a/libs/ui/GraphicBuffer.cpp
+++ b/libs/ui/GraphicBuffer.cpp
@@@ -307,10 -248,14 +307,14 @@@ status_t GraphicBuffer::unflatten
int const* buf = static_cast(buffer);
if (buf[0] != 'GBFR') return BAD_TYPE;
- const size_t numFds = buf[6];
- const size_t numInts = buf[7];
+ const size_t numFds = buf[8];
+ const size_t numInts = buf[9];
- const size_t maxNumber = UINT_MAX / sizeof(int);
+ // Limit the maxNumber to be relatively small. The number of fds or ints
+ // should not come close to this number, and the number itself was simply
+ // chosen to be high enough to not cause issues and low enough to prevent
+ // overflow problems.
+ const size_t maxNumber = 4096;
if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {
width = height = stride = format = usage = 0;
handle = NULL;
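Review bot: The reads of `buf[8]` and `buf[9]` have no length check visible in this hunk, so whatever guard on `size` precedes it in unflatten must require at least ten ints now that the count fields have moved from indices 6/7; that guard lies outside the hunk and should be confirmed against the new layout. The literal `10` in `numInts >= (maxNumber - 10)` appears to be the header word count and would be safer tied to one named constant shared with the indices and the size check, e.g. `static const size_t kHeaderInts = 10;`. Because `buf` is `int const*`, a negative count converts to a very large `size_t` and is rejected by the `>= maxNumber` test; the new comment should say so, so the unsigned comparison is not later "simplified" into a signed one. The body of unflatten starts and ends outside the hunk.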