OSDN Git Service
(root)
/
android-x86
/
frameworks-native.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
cdc89a1
)
Region: Detect malicious overflow in unflatten
author
Pablo Ceballos
<pceballos@google.com>
Wed, 13 Jul 2016 21:11:57 +0000
(14:11 -0700)
committer
Dennis Cagle
<d-cagle@codeaurora.org>
Wed, 7 Sep 2016 19:24:35 +0000
(12:24 -0700)
Bug
29983260
Change-Id: Ib6e1cb8ae279010c5e9960aaa03513f55b7d873b
(cherry picked from commit
363247929c35104b3e5ee9e637e9dcf579080aee
)
libs/ui/Region.cpp
patch
|
blob
|
history
diff --git
a/libs/ui/Region.cpp
b/libs/ui/Region.cpp
index
ac37990
..
ee152bf
100644
(file)
--- a/
libs/ui/Region.cpp
+++ b/
libs/ui/Region.cpp
@@
-795,6
+795,11
@@
status_t Region::unflatten(void const* buffer, size_t size) {
return NO_MEMORY;
}
+ if (numRects > (UINT32_MAX / sizeof(Rect))) {
+ android_errorWriteWithInfoLog(0x534e4554, "29983260", -1, NULL, 0);
+ return NO_MEMORY;
+ }
+
Region result;
result.mStorage.clear();
for (size_t r = 0; r < numRects; ++r) {