Merge "DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes" into lmp-dev

author: Leon Scroggins III <scroggo@google.com> 2015-06-02 12:48:41 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-06-02 12:48:43 +0000
commit: 4dae8e41b530672030731ec7cb69369da645cf30 (patch)
tree: f413807969f1659942837ffdb255d0be00de5e41
parent: bf0652eeea280bb1d687fe2fc3e869e0f6e9a541 (diff)
parent: 6549eed89e50ceafdb88646339288f820711d840 (diff)
download: frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.zip
frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.tar.gz
frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 6b99de8..ec4d8bf 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -218,7 +218,12 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
         return NULL;
     }
     SkRegion* region = new SkRegion;
-    region->readFromMemory(regionData, size);
+    size_t actualSize = region->readFromMemory(regionData, size);
+
+    if (size != actualSize) {
+        delete region;
+        return NULL;
+    }
 
     return reinterpret_cast<jlong>(region);
 }
author	Leon Scroggins III <scroggo@google.com>	2015-06-02 12:48:41 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-06-02 12:48:43 +0000
commit	4dae8e41b530672030731ec7cb69369da645cf30 (patch)
tree	f413807969f1659942837ffdb255d0be00de5e41
parent	bf0652eeea280bb1d687fe2fc3e869e0f6e9a541 (diff)
parent	6549eed89e50ceafdb88646339288f820711d840 (diff)
download	frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.zip frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.tar.gz frameworks_base-4dae8e41b530672030731ec7cb69369da645cf30.tar.bz2