diff options
| author | Adam Lesinski <adamlesinski@google.com> | 2015-05-19 00:30:24 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-05-19 00:30:24 +0000 |
| commit | 0ebd13f0639ddfc3e6e96bbcc6ce5465ca489808 (patch) | |
| tree | 5076acb6b99813aeac04badeb8864385d3a2895d /libcutils | |
| parent | ac9131b30ce333158cc5a43e83a7f776af592fea (diff) | |
| parent | 07edc3b3b3caef7829850633f928ae05f6d49f3a (diff) | |
| download | system_core-0ebd13f0639ddfc3e6e96bbcc6ce5465ca489808.zip system_core-0ebd13f0639ddfc3e6e96bbcc6ce5465ca489808.tar.gz system_core-0ebd13f0639ddfc3e6e96bbcc6ce5465ca489808.tar.bz2 | |
Merge "Prevent integer overflow when allocating native_handle_t" into mnc-dev
Diffstat (limited to 'libcutils')
| -rw-r--r-- | libcutils/native_handle.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/libcutils/native_handle.c b/libcutils/native_handle.c index 9a4a5bb..61fa38e 100644 --- a/libcutils/native_handle.c +++ b/libcutils/native_handle.c @@ -25,11 +25,17 @@ #include <cutils/log.h> #include <cutils/native_handle.h> +static const int kMaxNativeFds = 1024; +static const int kMaxNativeInts = 1024; + native_handle_t* native_handle_create(int numFds, int numInts) { - native_handle_t* h = malloc( - sizeof(native_handle_t) + sizeof(int)*(numFds+numInts)); + if (numFds < 0 || numInts < 0 || numFds > kMaxNativeFds || numInts > kMaxNativeInts) { + return NULL; + } + size_t mallocSize = sizeof(native_handle_t) + (sizeof(int) * (numFds + numInts)); + native_handle_t* h = malloc(mallocSize); if (h) { h->version = sizeof(native_handle_t); h->numFds = numFds; |