libui: add boundary check to GraphicBuffer::unflatten

Commit cb496acbe593326e8d5d563847067d02b2df40ec removed the boundary check by accident. Bug: 114223584 Test: manual Change-Id: I057bc02d5807e438530d1a5327c2e02b9d154151 (cherry picked from commit bf8d7210c4bbbdc875e9695a301cdf9c3b544279)
author: Chia-I Wu <olv@google.com> 2018-10-09 15:22:46 -0700
committer: Rohit Yengisetty <rngy@google.com> 2018-10-16 17:30:21 -0700
commit: 418e768825e692582d9f68e24fcb2720af0af740 (patch)
tree: a0d9ed096f4575e031599b98d7d284e1b04c0634
parent: d62837ea7d41be3c6f77a2ddbb54837ce052e3d3 (diff)
download: native-418e768825e692582d9f68e24fcb2720af0af740.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp
index 254038b0ad..7670ac6fbd 100644
--- a/libs/ui/GraphicBuffer.cpp
+++ b/libs/ui/GraphicBuffer.cpp
@@ -377,6 +377,10 @@ status_t GraphicBuffer::flatten(void*& buffer, size_t& size, int*& fds, size_t&
 
 status_t GraphicBuffer::unflatten(
         void const*& buffer, size_t& size, int const*& fds, size_t& count) {
+    if (size < 12 * sizeof(int)) {
+        android_errorWriteLog(0x534e4554, "114223584");
+        return NO_MEMORY;
+    }
 
     int const* buf = static_cast<int const*>(buffer);
author	Chia-I Wu <olv@google.com>	2018-10-09 15:22:46 -0700
committer	Rohit Yengisetty <rngy@google.com>	2018-10-16 17:30:21 -0700
commit	418e768825e692582d9f68e24fcb2720af0af740 (patch)
tree	a0d9ed096f4575e031599b98d7d284e1b04c0634
parent	d62837ea7d41be3c6f77a2ddbb54837ce052e3d3 (diff)
download	native-418e768825e692582d9f68e24fcb2720af0af740.tar.gz