DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes

bug: 20883006 Change-Id: I4f109667fb210a80fbddddf5f1bfb7ef3a02b6ce
author: Leon Scroggins III <scroggo@google.com> 2015-05-29 16:13:11 -0400
committer: Leon Scroggins III <scroggo@google.com> 2015-05-29 16:13:11 -0400
commit: 0d2081734ce124191ac1f3e8585336daa414abbe (patch)
tree: c1e5a8d8e580f13ef17ae95f7cce181720b56fe9
parent: 18d7926709451b9e767731f46778e4238fc8e3b5 (diff)
download: frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.zip
frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.tar.gz
frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 1e0cf96..d901e9c 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -181,7 +181,12 @@ static SkRegion* Region_createFromParcel(JNIEnv* env, jobject clazz, jobject par
         return NULL;
     }
     SkRegion* region = new SkRegion;
-    region->readFromMemory(regionData, size);
+    size_t actualSize = region->readFromMemory(regionData, size);
+
+    if (size != actualSize) {
+        delete region;
+        return NULL;
+    }
 
     return region;
 }
author	Leon Scroggins III <scroggo@google.com>	2015-05-29 16:13:11 -0400
committer	Leon Scroggins III <scroggo@google.com>	2015-05-29 16:13:11 -0400
commit	0d2081734ce124191ac1f3e8585336daa414abbe (patch)
tree	c1e5a8d8e580f13ef17ae95f7cce181720b56fe9
parent	18d7926709451b9e767731f46778e4238fc8e3b5 (diff)
download	frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.zip frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.tar.gz frameworks_base-0d2081734ce124191ac1f3e8585336daa414abbe.tar.bz2