DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes

author Leon Scroggins III <scroggo@google.com>

Fri, 29 May 2015 20:13:11 +0000 (16:13 -0400)

committer The Android Automerger <android-build@google.com>

Fri, 14 Aug 2015 02:41:42 +0000 (19:41 -0700)
author Leon Scroggins III <scroggo@google.com>
Fri, 29 May 2015 20:13:11 +0000 (16:13 -0400)
committer The Android Automerger <android-build@google.com>
Fri, 14 Aug 2015 02:41:42 +0000 (19:41 -0700)
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp

index 6b99de8..ec4d8bf 100644 (file)
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -218,7 +218,12 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
          return NULL;
      }
      SkRegion* region = new SkRegion;
-    region->readFromMemory(regionData, size);
+    size_t actualSize = region->readFromMemory(regionData, size);
+
+    if (size != actualSize) {
+        delete region;
+        return NULL;
+    }
  
      return reinterpret_cast<jlong>(region);
  }
author	Leon Scroggins III <scroggo@google.com>
	Fri, 29 May 2015 20:13:11 +0000 (16:13 -0400)
committer	The Android Automerger <android-build@google.com>
	Fri, 14 Aug 2015 02:41:42 +0000 (19:41 -0700)