Temporary fix for buffer overrun issue.

Allocating the bitmap using getSafeSize() causes problems since
getSafeSize64() < getSize() if there is a stride. Since everywhere
else uses getSize() it results in a lot of possible buffer overruns.
The fix reverts to using getSize instead of getSafeSize64.

Bug: 15089814
Change-Id: Ia471cf9715672d57bb7eb61bf735064aeb405ffe
Mathieu Chartier
2014-05-21 15:14:02 -07:00
parent e34b8abf3a
commit 304bbd287c


@@ -582,14 +582,7 @@ jbyteArray GraphicsJNI::allocateJavaPixelRef(JNIEnv* env, SkBitmap* bitmap,
return NULL;
}
const int64_t size64 = info.getSafeSize64(bitmap->rowBytes());
if (!sk_64_isS32(size64)) {
doThrowIAE(env, "bitmap size exceeds 32bits");
return NULL;
}
const size_t size = sk_64_asS32(size64);
SkASSERT(size == info.getSafeSize(bitmap->rowBytes()));
const size_t size = bitmap->getSize();
jbyteArray arrayObj = (jbyteArray) env->CallObjectMethod(gVMRuntime,
gVMRuntime_newNonMovableArray,
gByte_class, size);
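Review bot: The new `const size_t size = bitmap->getSize();` drops the 32-bit range check that the removed lines performed, so an oversized bitmap no longer raises the "bitmap size exceeds 32bits" IllegalArgumentException before the array is allocated. getSize() is not visible here, but if it multiplies height by rowBytes in `size_t` it can wrap on 32-bit builds, and `size` is then passed through varargs to `gVMRuntime_newNonMovableArray`, which presumably expects a Java int. The check can be kept while still sizing by full rows: compute `const int64_t size64 = (int64_t)bitmap->height() * bitmap->rowBytes();`, keep the existing `if (!sk_64_isS32(size64)) { doThrowIAE(...); return NULL; }`, and then use `const size_t size = sk_64_asS32(size64);`. That keeps the allocation consistent with the getSize() callers named in the description without losing the overflow rejection. allocateJavaPixelRef starts and ends outside this hunk, so any earlier validation of the bitmap dimensions is not visible here.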