Check that the parcel contained the expected amount of region data. DO NOT MERGE

bug:20883006
Change-Id: Ib47a8ec8696dbc37e958b8dbceb43fcbabf6605b

diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 912968a..6b99de8 100644 (file)
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -212,9 +212,13 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
 
     android::Parcel* p = android::parcelForJavaObject(env, parcel);
 
+    const size_t size = p->readInt32();
+    const void* regionData = p->readInplace(size);
+    if (regionData == NULL) {
+        return NULL;
+    }
     SkRegion* region = new SkRegion;
-    size_t size = p->readInt32();
-    region->readFromMemory(p->readInplace(size), size);
+    region->readFromMemory(regionData, size);
 
     return reinterpret_cast<jlong>(region);
 }