diff options
| author | Michael Lentine <mlentine@google.com> | 2015-02-18 10:14:18 -0800 |
|---|---|---|
| committer | Brint E. Kriebel <bekit@cyngn.com> | 2015-03-18 22:42:50 +0000 |
| commit | 0dcbd9f1077c6fa727f72dfbd35b83196f5c869c (patch) | |
| tree | fa8f4374c2533286e584eab32a699381ef8fdfa3 | |
| parent | 797b3d74b22ce5f07ccae17c4313118d4e6f7856 (diff) | |
| download | android_frameworks_native-stable/cm-12.0-YNG1TA.tar.gz android_frameworks_native-stable/cm-12.0-YNG1TA.tar.bz2 android_frameworks_native-stable/cm-12.0-YNG1TA.zip | |
Update maxNumber to be smaller.stable/cm-12.0-YNG1TAstable/cm-12.0-YNG1T
There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.
Bug: 18076253
Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
(cherry picked from commit f58a148de7ca986efb73e3e3b2a5350d699c7f0a)
| -rw-r--r-- | libs/ui/GraphicBuffer.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libs/ui/GraphicBuffer.cpp b/libs/ui/GraphicBuffer.cpp index 48b85d1c7..4c46deb6d 100644 --- a/libs/ui/GraphicBuffer.cpp +++ b/libs/ui/GraphicBuffer.cpp @@ -343,7 +343,11 @@ status_t GraphicBuffer::unflatten( const size_t numFds = buf[8]; const size_t numInts = buf[9]; - const size_t maxNumber = UINT_MAX / sizeof(int); + // Limit the maxNumber to be relatively small. The number of fds or ints + // should not come close to this number, and the number itself was simply + // chosen to be high enough to not cause issues and low enough to prevent + // overflow problems. + const size_t maxNumber = 4096; if (numFds >= maxNumber || numInts >= (maxNumber - 10)) { width = height = stride = format = usage = 0; handle = NULL; |