ADHOC/replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Region: Detect malicious overflow in unflatten

Browse Source 
Bug 29983260

Change-Id: Ib6e1cb8ae279010c5e9960aaa03513f55b7d873b
This commit is contained in:
Pablo Ceballos 2016-07-13 14:11:57 -07:00 committed by gitbuildkicker
parent 54cb02ad73
commit 07cd4cdf21
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libs/ui/Region.cpp
View File

@ -795,6 +795,11 @@ status_t Region::unflatten(void const* buffer, size_t size) {
return NO_MEMORY; return NO_MEMORY;
} }
if (numRects > (UINT32_MAX / sizeof(Rect))) {
android_errorWriteWithInfoLog(0x534e4554, "29983260", -1, NULL, 0);
return NO_MEMORY;
}
Region result; Region result;
result.mStorage.clear(); result.mStorage.clear();
for (size_t r = 0; r < numRects; ++r) { for (size_t r = 0; r < numRects; ++r) {