From d5ba82a1fe07a622dec3b304af285bec0410597d Mon Sep 17 00:00:00 2001
From: Leon Scroggins
Date: Tue, 13 Oct 2009 14:23:56 -0400
Subject: Prevent getFile from copying when the file is too large.

Since the caller expects the data to fit within a certain amount of space, do not copy into the buffer if the data exceeds that space. Requires a change to external/webkit
---
 core/java/android/webkit/BrowserFrame.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'core/java/android/webkit/BrowserFrame.java')
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index d2861cb..d1db35e 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -496,15 +496,18 @@ class BrowserFrame extends Handler {
 * @param uri A String representing the URI of the desired file.
 * @param buffer The byte array to copy the data into.
 * @param offset The offet into buffer to place the data.
+ * @param expectSize The size that the buffer has allocated for this file.
 * @return int The size of the given file, or zero if it fails.
 */
- private int getFile(String uri, byte[] buffer, int offset) {
+ private int getFile(String uri, byte[] buffer, int offset,
+ int expectedSize) {
 int size = 0;
 try {
 InputStream stream = mContext.getContentResolver()
 .openInputStream(Uri.parse(uri));
 size = stream.available();
- if (buffer != null && buffer.length - offset >= size) {
+ if (size <= expectedSize && buffer != null
+ && buffer.length - offset >= size) {
 stream.read(buffer, offset, size);
 } else {
 size = 0;
-- 
cgit v1.1
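Review bot: The new `size <= expectedSize` guard still takes `stream.available()` as the file length and ignores the result of `stream.read(buffer, offset, size)`, so a short read returns `size` although fewer bytes were copied, and the caller would then treat the untouched tail of its buffer as file data. `available()` is only an estimate of what can be read without blocking, so both the bound check and the returned size can be wrong for streams that do not report their full length; checking the count, e.g. `if (stream.read(buffer, offset, size) != size) { size = 0; }`, keeps the documented "zero if it fails" contract. The added Javadoc tag reads `@param expectSize` while the parameter is named `expectedSize`. The try block and the rest of getFile lie outside the hunk, so whether the stream is closed and which exceptions are caught cannot be confirmed from here.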