diff options
| author | Leon Scroggins III <scroggo@google.com> | 2015-05-26 16:41:09 -0400 |
|---|---|---|
| committer | Leon Scroggins III <scroggo@google.com> | 2015-05-26 17:05:22 -0400 |
| commit | 18d7926709451b9e767731f46778e4238fc8e3b5 (patch) | |
| tree | 3e1f6fb009aa138f9c3d39eea57d6d447126b7b5 | |
| parent | 69b8e962e1b8346b33a2c14889547a0ac00c8b17 (diff) | |
| download | frameworks_base-18d7926709451b9e767731f46778e4238fc8e3b5.zip frameworks_base-18d7926709451b9e767731f46778e4238fc8e3b5.tar.gz frameworks_base-18d7926709451b9e767731f46778e4238fc8e3b5.tar.bz2 | |
Check that the parcel contained the expected amount of region data. DO NOT MERGE
bug:20883006
Change-Id: Ib47a8ec8696dbc37e958b8dbceb43fcbabf6605b
| -rw-r--r-- | core/jni/android/graphics/Region.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp index f0a7baf..1e0cf96 100644 --- a/core/jni/android/graphics/Region.cpp +++ b/core/jni/android/graphics/Region.cpp @@ -175,9 +175,13 @@ static SkRegion* Region_createFromParcel(JNIEnv* env, jobject clazz, jobject par android::Parcel* p = android::parcelForJavaObject(env, parcel); + const size_t size = p->readInt32(); + const void* regionData = p->readInplace(size); + if (regionData == NULL) { + return NULL; + } SkRegion* region = new SkRegion; - size_t size = p->readInt32(); - region->readFromMemory(p->readInplace(size), size); + region->readFromMemory(regionData, size); return region; } |