diff options
| author | Michael Lentine <mlentine@google.com> | 2015-02-18 10:14:18 -0800 |
|---|---|---|
| committer | Dan Stoza <stoza@google.com> | 2015-03-18 16:00:05 -0700 |
| commit | c168b8a5a9dcc0e45e32fc3cd40b9410e0288fb1 (patch) | |
| tree | 9f3f7ea37a87587a07f28a4ec1fda30f77348293 /libs/ui | |
| parent | 3be1c6b60a188dc10025e2ce156c11fac050625d (diff) | |
| download | frameworks_native-c168b8a5a9dcc0e45e32fc3cd40b9410e0288fb1.zip frameworks_native-c168b8a5a9dcc0e45e32fc3cd40b9410e0288fb1.tar.gz frameworks_native-c168b8a5a9dcc0e45e32fc3cd40b9410e0288fb1.tar.bz2 | |
Update maxNumber to be smaller.
There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.
Cherry pick of I3a3e50ee3078a4710e9737114e65afc923ed0573
Bug: 18076253
Change-Id: I82a883572b401f115d252dcd3d00aa7252b49b0e
Diffstat (limited to 'libs/ui')
| -rw-r--r-- | libs/ui/GraphicBuffer.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp index 425df38..638ac62 100644 --- a/libs/ui/GraphicBuffer.cpp +++ b/libs/ui/GraphicBuffer.cpp @@ -323,7 +323,11 @@ status_t GraphicBuffer::unflatten( const size_t numFds = static_cast<size_t>(buf[8]); const size_t numInts = static_cast<size_t>(buf[9]); - const size_t maxNumber = UINT_MAX / sizeof(int); + // Limit the maxNumber to be relatively small. The number of fds or ints + // should not come close to this number, and the number itself was simply + // chosen to be high enough to not cause issues and low enough to prevent + // overflow problems. + const size_t maxNumber = 4096; if (numFds >= maxNumber || numInts >= (maxNumber - 10)) { width = height = stride = format = usage = 0; handle = NULL; |