Update maxNumber to be smaller.

There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.

Bug: 18076253

Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
This commit is contained in:
Michael Lentine 2015-02-18 10:14:18 -08:00
parent e6f7a44e83
commit fde92eb0ff

View File

@ -250,7 +250,11 @@ status_t GraphicBuffer::unflatten(void const* buffer, size_t size,
const size_t numFds = buf[6];
const size_t numInts = buf[7];
const size_t maxNumber = UINT_MAX / sizeof(int);
// Limit the maxNumber to be relatively small. The number of fds or ints
// should not come close to this number, and the number itself was simply
// chosen to be high enough to not cause issues and low enough to prevent
// overflow problems.
const size_t maxNumber = 4096;
if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {
width = height = stride = format = usage = 0;
handle = NULL;