From 304bbd287c7a18f66f18daaed0d0aae78199bdd9 Mon Sep 17 00:00:00 2001
From: Mathieu Chartier
Date: Wed, 21 May 2014 15:14:02 -0700
Subject: [PATCH] Temporary fix for buffer overrun issue.
Allocating the bitmap using getSafeSize() causes problems since getSafeSize64() < getSize() if there is a stride. Since everywhere else uses getSize() it results in a lot of possible buffer overruns. The fix reverts to using getSize instead of getSafeSize64.
Bug: 15089814
Change-Id: Ia471cf9715672d57bb7eb61bf735064aeb405ffe
---
 core/jni/android/graphics/Graphics.cpp | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/core/jni/android/graphics/Graphics.cpp b/core/jni/android/graphics/Graphics.cpp
index ed28c24cf98b3..dce185d3c32db 100644
--- a/core/jni/android/graphics/Graphics.cpp
+++ b/core/jni/android/graphics/Graphics.cpp
@@ -582,14 +582,7 @@ jbyteArray GraphicsJNI::allocateJavaPixelRef(JNIEnv* env, SkBitmap* bitmap,
 return NULL;
 }
- const int64_t size64 = info.getSafeSize64(bitmap->rowBytes());
- if (!sk_64_isS32(size64)) {
- doThrowIAE(env, "bitmap size exceeds 32bits");
- return NULL;
- }
- const size_t size = sk_64_asS32(size64);
- SkASSERT(size == info.getSafeSize(bitmap->rowBytes()));
-
+ const size_t size = bitmap->getSize();
 jbyteArray arrayObj = (jbyteArray) env->CallObjectMethod(gVMRuntime, gVMRuntime_newNonMovableArray, gByte_class, size);
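Review bot: The replacement line `const size_t size = bitmap->getSize();` removes the only range check on the allocation size, so nothing in the hunk now rejects a bitmap whose byte count does not fit the signed 32-bit length of the Java byte array requested through `gVMRuntime_newNonMovableArray` just below. Whether `getSize()` saturates or wraps on overflow is not visible here, so an oversized height/stride pair could presumably reach the VM as a truncated or negative length and leave the pixel buffer smaller than later writers assume. Keeping the stride-inclusive size while restoring the guard would cover both problems, assuming `getSize()` is height times row bytes: `const int64_t size64 = (int64_t)bitmap->height() * bitmap->rowBytes();` followed by `if (!sk_64_isS32(size64)) { doThrowIAE(env, "bitmap size exceeds 32bits"); return NULL; }`. The body of allocateJavaPixelRef starts and ends outside the hunk, so an earlier bound on the dimensions may exist that is not shown.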