summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Lentine <mlentine@google.com>2015-02-18 10:14:18 -0800
committerMichael Lentine <mlentine@google.com>2015-02-18 10:34:37 -0800
commitfde92eb0ffcc37106d5fe85bf1f1ba30d8639d17 (patch)
treebbcfcd106a4d322fd5470c2913fd5a1f8051a3e5
parente6f7a44e835d320593fa33052f35ea52948ff0b2 (diff)
downloadframeworks_native-fde92eb0ffcc37106d5fe85bf1f1ba30d8639d17.zip
frameworks_native-fde92eb0ffcc37106d5fe85bf1f1ba30d8639d17.tar.gz
frameworks_native-fde92eb0ffcc37106d5fe85bf1f1ba30d8639d17.tar.bz2
Update maxNumber to be smaller.
There shouldn't be more than 4096 fds (probably signficantly smaller) and there shouldn't be more than 4096 ints. Bug: 18076253 Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
-rw-r--r--libs/ui/GraphicBuffer.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp
index 4dff5f1..46a5a1d 100644
--- a/libs/ui/GraphicBuffer.cpp
+++ b/libs/ui/GraphicBuffer.cpp
@@ -250,7 +250,11 @@ status_t GraphicBuffer::unflatten(void const* buffer, size_t size,
const size_t numFds = buf[6];
const size_t numInts = buf[7];
- const size_t maxNumber = UINT_MAX / sizeof(int);
+ // Limit the maxNumber to be relatively small. The number of fds or ints
+ // should not come close to this number, and the number itself was simply
+ // chosen to be high enough to not cause issues and low enough to prevent
+ // overflow problems.
+ const size_t maxNumber = 4096;
if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {
width = height = stride = format = usage = 0;
handle = NULL;