diff options
| author | Leon Scroggins III <scroggo@google.com> | 2015-05-26 16:41:09 -0400 |
|---|---|---|
| committer | The Android Automerger <android-build@google.com> | 2015-08-13 19:41:41 -0700 |
| commit | 4cff1f49ff95d990d6c2614da5d5a23d02145885 (patch) | |
| tree | 9c4df3c5515684efbd2145bd9add4e738ef1f958 | |
| parent | a5e904e7eb3aaec532de83ca52e24af18e0496b4 (diff) | |
| download | base-4cff1f49ff95d990d6c2614da5d5a23d02145885.tar.gz | |
Check that the parcel contained the expected amount of region data. DO NOT MERGE
bug:20883006
Change-Id: Ib47a8ec8696dbc37e958b8dbceb43fcbabf6605b
| -rw-r--r-- | core/jni/android/graphics/Region.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp index 912968a9da3f..6b99de85a248 100644 --- a/core/jni/android/graphics/Region.cpp +++ b/core/jni/android/graphics/Region.cpp @@ -212,9 +212,13 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel) android::Parcel* p = android::parcelForJavaObject(env, parcel); + const size_t size = p->readInt32(); + const void* regionData = p->readInplace(size); + if (regionData == NULL) { + return NULL; + } SkRegion* region = new SkRegion; - size_t size = p->readInt32(); - region->readFromMemory(p->readInplace(size), size); + region->readFromMemory(regionData, size); return reinterpret_cast<jlong>(region); } |