author | Mathieu Chartier <mathieuc@google.com> | 2014-05-21 15:14:02 -0700 |
---|---|---|
committer | Mathieu Chartier <mathieuc@google.com> | 2014-05-21 15:14:02 -0700 |
commit | 304bbd287c7a18f66f18daaed0d0aae78199bdd9 (patch) | |
tree | e3512dd9b05523eefb0364ff1451314a20262ee8 /core/jni | |
parent | e34b8abf3adedda74a075be71f382ef716d64227 (diff) | |
Temporary fix for buffer overrun issue.
Allocating the bitmap using getSafeSize() causes problems since
getSafeSize64() < getSize() if there is a stride. Since everywhere
else uses getSize() it results in a lot of possible buffer overruns.
The fix reverts to using getSize instead of getSafeSize64.
Bug: 15089814
Change-Id: Ia471cf9715672d57bb7eb61bf735064aeb405ffe
Diffstat (limited to 'core/jni')
-rw-r--r-- | core/jni/android/graphics/Graphics.cpp | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/core/jni/android/graphics/Graphics.cpp b/core/jni/android/graphics/Graphics.cpp index ed28c24..dce185d 100644 --- a/core/jni/android/graphics/Graphics.cpp +++ b/core/jni/android/graphics/Graphics.cpp @@ -582,14 +582,7 @@ jbyteArray GraphicsJNI::allocateJavaPixelRef(JNIEnv* env, SkBitmap* bitmap, return NULL; } - const int64_t size64 = info.getSafeSize64(bitmap->rowBytes()); - if (!sk_64_isS32(size64)) { - doThrowIAE(env, "bitmap size exceeds 32bits"); - return NULL; - } - const size_t size = sk_64_asS32(size64); - SkASSERT(size == info.getSafeSize(bitmap->rowBytes())); - + const size_t size = bitmap->getSize(); jbyteArray arrayObj = (jbyteArray) env->CallObjectMethod(gVMRuntime, gVMRuntime_newNonMovableArray, gByte_class, size); |
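Review bot: The replacement line `const size_t size = bitmap->getSize();` drops the only range check in this hunk. The removed `sk_64_isS32(size64)` test and its `doThrowIAE(env, "bitmap size exceeds 32bits")` path rejected sizes that do not fit in 32 bits before the value reached `gVMRuntime_newNonMovableArray`; after the change nothing visible here validates `size` before it is passed to the array allocation. Suggest keeping the guard while changing the formula: compute the full-stride size in 64 bits, throw the same exception if it does not fit in 32 bits, and only then narrow it to `size_t`. Since the commit message describes this as temporary, a TODO comment beside the new line referencing bug 15089814 would record why `getSize()` is used here and that the allocation size and the other `getSize()` callers must stay in agreement.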