From 35068079c833b5ea508c378701b159b99ee39279 Mon Sep 17 00:00:00 2001 From: Michael Wright Date: Wed, 18 Jan 2017 18:09:29 +0000 Subject: [PATCH] Validate custom pointer icons aren't null. Bug: 33853287 Test: cts Change-Id: I844a9aec6e37e306a77eee0644a774f6470cf5df (cherry picked from commit b004b5137e12bffae9a3d3ae97440c8c24bdc07a) --- core/jni/android_view_PointerIcon.cpp | 3 +++ .../java/com/android/server/input/InputManagerService.java | 2 ++ .../jni/com_android_server_input_InputManagerService.cpp | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/core/jni/android_view_PointerIcon.cpp b/core/jni/android_view_PointerIcon.cpp index 6b634dfbef3e5..4150636cae12d 100644 --- a/core/jni/android_view_PointerIcon.cpp +++ b/core/jni/android_view_PointerIcon.cpp @@ -78,6 +78,9 @@ status_t android_view_PointerIcon_load(JNIEnv* env, jobject pointerIconObj, jobj status_t android_view_PointerIcon_getLoadedIcon(JNIEnv* env, jobject pointerIconObj, PointerIcon* outPointerIcon) { + if (!pointerIconObj) { + return BAD_VALUE; + } outPointerIcon->style = env->GetIntField(pointerIconObj, gPointerIconClassInfo.mType); outPointerIcon->hotSpotX = env->GetFloatField(pointerIconObj, gPointerIconClassInfo.mHotSpotX); outPointerIcon->hotSpotY = env->GetFloatField(pointerIconObj, gPointerIconClassInfo.mHotSpotY); diff --git a/services/core/java/com/android/server/input/InputManagerService.java b/services/core/java/com/android/server/input/InputManagerService.java index 74095acca16a4..719ce7618fd0b 100644 --- a/services/core/java/com/android/server/input/InputManagerService.java +++ b/services/core/java/com/android/server/input/InputManagerService.java @@ -25,6 +25,7 @@ import android.view.Display; import com.android.internal.inputmethod.InputMethodSubtypeHandle; import com.android.internal.os.SomeArgs; import com.android.internal.R; +import com.android.internal.util.Preconditions; import com.android.internal.util.XmlUtils; import com.android.server.DisplayThread; import com.android.server.LocalServices; @@ -1705,6 +1706,7 @@ public class InputManagerService extends IInputManager.Stub // Binder call @Override public void setCustomPointerIcon(PointerIcon icon) { + Preconditions.checkNotNull(icon); nativeSetCustomPointerIcon(mPtr, icon); } diff --git a/services/core/jni/com_android_server_input_InputManagerService.cpp b/services/core/jni/com_android_server_input_InputManagerService.cpp index 2f72a5cd1ab5e..88cfce8023afc 100644 --- a/services/core/jni/com_android_server_input_InputManagerService.cpp +++ b/services/core/jni/com_android_server_input_InputManagerService.cpp @@ -1462,7 +1462,11 @@ static void nativeSetCustomPointerIcon(JNIEnv* env, jclass /* clazz */, NativeInputManager* im = reinterpret_cast(ptr); PointerIcon pointerIcon; - android_view_PointerIcon_getLoadedIcon(env, iconObj, &pointerIcon); + status_t result = android_view_PointerIcon_getLoadedIcon(env, iconObj, &pointerIcon); + if (result) { + jniThrowRuntimeException(env, "Failed to load custom pointer icon."); + return; + } SpriteIcon spriteIcon; pointerIcon.bitmap.copyTo(&spriteIcon.bitmap, kN32_SkColorType);