Merge "SurfaceFlinger: Fix integer overflow in Mesh ctor" into mnc-dev

This commit is contained in:
Dan Stoza 2015-04-30 21:59:39 +00:00 committed by Android (Google) Code Review
commit 5a5d0672c6

View File

@ -16,14 +16,40 @@
#include "Mesh.h"
#include <utils/Log.h>
namespace android {
Mesh::Mesh(Primitive primitive, size_t vertexCount, size_t vertexSize, size_t texCoordSize)
: mVertexCount(vertexCount), mVertexSize(vertexSize), mTexCoordsSize(texCoordSize),
mPrimitive(primitive)
{
mVertices = new float[(vertexSize + texCoordSize) * vertexCount];
mStride = mVertexSize + mTexCoordsSize;
if (vertexCount == 0) {
mVertices = new float[1];
mVertices[0] = 0.0f;
mStride = 0;
return;
}
size_t stride = vertexSize + texCoordSize;
size_t remainder = (stride * vertexCount) / vertexCount;
// Since all of the input parameters are unsigned, if stride is less than
// either vertexSize or texCoordSize, it must have overflowed. remainder
// will be equal to stride as long as stride * vertexCount doesn't overflow.
if ((stride < vertexSize) || (remainder != stride)) {
ALOGE("Overflow in Mesh(..., %zu, %zu, %zu)", vertexCount, vertexSize,
texCoordSize);
mVertices = new float[1];
mVertices[0] = 0.0f;
mVertexCount = 0;
mVertexSize = 0;
mTexCoordsSize = 0;
mStride = 0;
return;
}
mVertices = new float[stride * vertexCount];
mStride = stride;
}
Mesh::~Mesh() {