From c168b8a5a9dcc0e45e32fc3cd40b9410e0288fb1 Mon Sep 17 00:00:00 2001
From: Michael Lentine
Date: Wed, 18 Feb 2015 10:14:18 -0800
Subject: Update maxNumber to be smaller. There shouldn't be more than 4096 fds (probably signficantly smaller) and there shouldn't be more than 4096 ints. Cherry pick of I3a3e50ee3078a4710e9737114e65afc923ed0573
Bug: 18076253
Change-Id: I82a883572b401f115d252dcd3d00aa7252b49b0e
---
 libs/ui/GraphicBuffer.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'libs/ui')
diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp
index 425df38..638ac62 100644
--- a/libs/ui/GraphicBuffer.cpp
+++ b/libs/ui/GraphicBuffer.cpp
@@ -323,7 +323,11 @@ status_t GraphicBuffer::unflatten(
 const size_t numFds = static_cast(buf[8]);
 const size_t numInts = static_cast(buf[9]);
- const size_t maxNumber = UINT_MAX / sizeof(int);
+ // Limit the maxNumber to be relatively small. The number of fds or ints
+ // should not come close to this number, and the number itself was simply
+ // chosen to be high enough to not cause issues and low enough to prevent
+ // overflow problems.
+ const size_t maxNumber = 4096;
 if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {
 width = height = stride = format = usage = 0;
 handle = NULL;
-- cgit v1.1
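Review bot: The new `maxNumber` bound is a bare literal and the `maxNumber - 10` in the check below it is unexplained, so the added comment's "overflow problems" never says which arithmetic the limit protects. Because `numFds` and `numInts` are read directly from the buffer being unflattened (`buf[8]`, `buf[9]`), this check is where those counts are validated and it deserves a precise comment, for example `// Counts come from the flattened buffer; cap them so later size arithmetic on numFds/numInts cannot wrap.`, together with a named constant such as `static const size_t kMaxHandleEntries = 4096;`. The 10 is presumably the number of header ints that precede the handle data; if so, naming it would also make clear that the effective limit on ints is 4086, not the 4096 the commit message states. unflatten's body starts and ends outside the hunk, so whether the caller-supplied size and fd count are also compared against these values cannot be confirmed from here.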