author | Ramkumar Radhakrishnan <ramkumar@codeaurora.org> | 2018-09-20 13:17:36 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-01-02 01:32:03 -0800 |
commit | ca31549428194c83918baf78fd269db67b0c02ec (patch) | |
tree | f621383e94ce2bf16c18a401edda6d987950a8ae | |
parent | 6826432f5a89942e534ec15ca856aaa8329aec9d (diff) | |
Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
CRs-Fixed: 2288349
-rw-r--r-- | gralloc/gr_buf_mgr.cpp | 4 | ||||
-rw-r--r-- | gralloc/gr_priv_handle.h | 12 |
2 files changed, 11 insertions, 5 deletions
diff --git a/gralloc/gr_buf_mgr.cpp b/gralloc/gr_buf_mgr.cpp
index 985dd3ef..48675ad3 100644
--- a/gralloc/gr_buf_mgr.cpp
+++ b/gralloc/gr_buf_mgr.cpp
@@ -101,6 +101,10 @@ void BufferManager::RegisterHandleLocked(const private_handle_t *hnd, int ion_ha
 }

 Error BufferManager::ImportHandleLocked(private_handle_t *hnd) {
+ if (private_handle_t::validate(hnd) != 0) {
+ ALOGE("ImportHandleLocked: Invalid handle: %p", hnd);
+ return Error::BAD_BUFFER;
+ }
 ALOGD_IF(DEBUG, "Importing handle:%p id: %" PRIu64, hnd, hnd->id);
 int ion_handle = allocator_->ImportBuffer(hnd->fd);
 if (ion_handle < 0) {
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
index d0681d78..44ecb78e 100644
--- a/gralloc/gr_priv_handle.h
+++ b/gralloc/gr_priv_handle.h
@@ -131,12 +131,14 @@ struct private_handle_t : public native_handle_t {
 static int validate(const native_handle *h) {
 auto *hnd = static_cast<const private_handle_t *>(h);
 if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
- h->numFds != kNumFds || hnd->magic != kMagic) {
- ALOGE(
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
- "magic(%c%c%c%c/%c%c%c%c)",
+ h->numFds != kNumFds) {
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) ",
 h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
- h ? h->numFds : -1, kNumFds,
+ h ? h->numFds : -1, kNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != kMagic) {
+ ALOGE("magic(%c%c%c%c/%c%c%c%c)",
 hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
 hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
 hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?', |
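Review bot: The new guard at the top of ImportHandleLocked carries no comment explaining why it has to sit before the `ALOGD_IF` line, which already reads `hnd->id`. That ordering is the security-relevant part: per the commit message the handle arrives through importBuffer, so its version, numInts and numFds are caller-supplied and any field access before validate() could touch memory the handle does not actually cover. I would add `// hnd comes from the importBuffer caller: check header and magic before reading any private_handle_t field.` above the `if`. validate() already logs the mismatching fields, so the extra `ALOGE("ImportHandleLocked: Invalid handle: %p", hnd)` mostly repeats it. The function body continues outside the hunk.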
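Review bot: The second `ALOGE` in validate() now prints only `magic(...)`, with no handle address or "Invalid gralloc handle" prefix, so a magic mismatch in logcat can no longer be tied to a handle or told apart from other messages. I would keep the prefix, e.g. `ALOGE("Invalid gralloc handle (at %p): magic(%c%c%c%c/%c%c%c%c)", h,`, and drop the trailing space left in the first format string (`fds(%d/%d) "`). Since the first branch now returns on `!h`, the `hnd ? ... : '?'` guards in the magic arguments can no longer see a null `hnd` and could be simplified to the inner expression. The rest of validate(), including the return for the magic branch, lies outside the hunk.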