Region: Detect malicious overflow in unflatten
Bug 29983260 Change-Id: Ib6e1cb8ae279010c5e9960aaa03513f55b7d873b
This commit is contained in:
parent
3bcf0caa8c
commit
1ecb999624
@ -795,6 +795,11 @@ status_t Region::unflatten(void const* buffer, size_t size) {
|
|||||||
return NO_MEMORY;
|
return NO_MEMORY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (numRects > (UINT32_MAX / sizeof(Rect))) {
|
||||||
|
android_errorWriteWithInfoLog(0x534e4554, "29983260", -1, NULL, 0);
|
||||||
|
return NO_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
Region result;
|
Region result;
|
||||||
result.mStorage.clear();
|
result.mStorage.clear();
|
||||||
for (size_t r = 0; r < numRects; ++r) {
|
for (size_t r = 0; r < numRects; ++r) {
|
||||||
|
Loading…
Reference in New Issue
Block a user