From: Michael Lentine <mlentine@google.com>
Date: Wed, 18 Feb 2015 18:14:18 +0000 (-0800)
Subject: Update maxNumber to be smaller.
X-Git-Tag: android-x86-6.0-r1~270^2^2^2^2^2^2^2
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=fde92eb0;p=android-x86%2Fframeworks-native.git

Update maxNumber to be smaller.

There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.

Bug: 18076253

Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
---

diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp
index 4dff5f16e8..46a5a1d616 100644
--- a/libs/ui/GraphicBuffer.cpp
+++ b/libs/ui/GraphicBuffer.cpp
@@ -250,7 +250,11 @@ status_t GraphicBuffer::unflatten(void const* buffer, size_t size,
     const size_t numFds  = buf[6];
     const size_t numInts = buf[7];
 
-    const size_t maxNumber = UINT_MAX / sizeof(int);
+    // Limit the maxNumber to be relatively small. The number of fds or ints
+    // should not come close to this number, and the number itself was simply
+    // chosen to be high enough to not cause issues and low enough to prevent
+    // overflow problems.
+    const size_t maxNumber = 4096;
     if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {
         width = height = stride = format = usage = 0;
         handle = NULL;