From cdadfc211ddd232fde9f63d9aa3ae26af8b8f583 Mon Sep 17 00:00:00 2001
From: Derek Sollenberger
Date: Mon, 18 May 2015 14:29:02 -0400
Subject: Check that the parcel contained the expected amount of region data.
bug:20883006
Change-Id: Ib47a8ec8696dbc37e958b8dbceb43fcbabf6605b
---
 core/jni/android/graphics/Region.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'core/jni')
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index cf02e39..3bab2df 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -212,10 +212,14 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
 android::Parcel* p = android::parcelForJavaObject(env, parcel);
- SkRegion* region = new SkRegion;
- size_t size = p->readInt32();
- size_t actualSize = region->readFromMemory(p->readInplace(size), size);
+ const size_t size = p->readInt32();
+ const void* regionData = p->readInplace(size);
+ if (regionData == nullptr) {
+ return 0;
+ }
+ SkRegion* region = new SkRegion;
+ size_t actualSize = region->readFromMemory(regionData, size);
 if (size != actualSize) {
 delete region;
 return 0;
-- 
cgit v1.1
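Review bot: `const size_t size = p->readInt32();` puts a signed 32-bit length taken from the parcel straight into a `size_t`, so a negative value becomes a very large unsigned length. The new null check then depends entirely on `readInplace` rejecting that length, and its bounds logic is not visible in this hunk. I would validate the sign before converting, e.g. `const int32_t rawSize = p->readInt32();` `if (rawSize < 0) { return 0; }` `const size_t size = static_cast<size_t>(rawSize);`, and add a one-line comment that the length is untrusted parcel data. The body of Region_createFromParcel starts and ends outside the hunk, so anything before the `parcelForJavaObject` call or after the `size != actualSize` branch is not covered by this note.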