Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fix buffer size check in replyRead" into pi-dev

Browse Source 
am: cf7b8a1406

Change-Id: I10ad7a0798d11d15fba5e358abd38166f48af488
This commit is contained in:
Ryo Hashimoto
2018-03-16 04:17:04 +00:00
committed by android-build-merger
parent b12f236e41 cf7b8a1406
commit 6fde033eae
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/jni/com_android_internal_os_FuseAppLoop.cpp
View File

@@ -166,8 +166,8 @@ void com_android_internal_os_FuseAppLoop_replyWrite(
void com_android_internal_os_FuseAppLoop_replyRead( void com_android_internal_os_FuseAppLoop_replyRead(
JNIEnv* env, jobject self, jlong ptr, jlong unique, jint size, jbyteArray data) { JNIEnv* env, jobject self, jlong ptr, jlong unique, jint size, jbyteArray data) {
ScopedByteArrayRO array(env, data); ScopedByteArrayRO array(env, data);
CHECK(size >= 0); CHECK_GE(size, 0);
CHECK(static_cast<size_t>(size) < array.size()); CHECK_LE(static_cast<size_t>(size), array.size());
if (!reinterpret_cast<fuse::FuseAppLoop*>(ptr)->ReplyRead(unique, size, array.get())) { if (!reinterpret_cast<fuse::FuseAppLoop*>(ptr)->ReplyRead(unique, size, array.get())) {
reinterpret_cast<fuse::FuseAppLoop*>(ptr)->Break(); reinterpret_cast<fuse::FuseAppLoop*>(ptr)->Break();
} }