From 5cfd16201fbcb4a095071058263682f7b4ab77a5 Mon Sep 17 00:00:00 2001
From: Leon Scroggins III
Date: Tue, 26 May 2015 16:41:09 -0400
Subject: [PATCH] Check that the parcel contained the expected amount of region data. DO NOT MERGE
bug:20883006
Change-Id: Ib47a8ec8696dbc37e958b8dbceb43fcbabf6605b
---
 core/jni/android/graphics/Region.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 912968a9da3f9..6b99de85a2488 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -212,9 +212,13 @@ static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
 android::Parcel* p = android::parcelForJavaObject(env, parcel);
+ const size_t size = p->readInt32();
+ const void* regionData = p->readInplace(size);
+ if (regionData == NULL) {
+ return NULL;
+ }
 SkRegion* region = new SkRegion;
- size_t size = p->readInt32();
- region->readFromMemory(p->readInplace(size), size);
+ region->readFromMemory(regionData, size);
 return reinterpret_cast(region);
 }
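Review bot: The return value of `region->readFromMemory(regionData, size)` is still discarded, so the new NULL check proves only that the parcel holds `size` bytes, not that the serialized region is consistent with that length. The region payload comes from the parcel and may carry its own internal counts, which the parser could trust over `size` depending on the Skia version. Comparing the returned byte count with `size`, and deleting the region on mismatch, closes that gap. Separately, `size` is taken from `readInt32()` straight into a `size_t`, so a negative value becomes a very large length; `readInplace` presumably rejects it, but that is not visible here, and reading into an `int32_t` with an explicit `< 0` check would not depend on Parcel's internals. The function body starts above this hunk.

```cpp
    SkRegion* region = new SkRegion;
    const size_t actualSize = region->readFromMemory(regionData, size);
    if (actualSize != size) {
        // The serialized region disagrees with the length the parcel declared.
        delete region;
        return 0;
    }
    // … unchanged: return of the region pointer as jlong …
```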