From 20b6c8c4b94297314bb34fa79af8e7ee4e40148c Mon Sep 17 00:00:00 2001
From: Ramakant Singh
Date: Wed, 2 Jan 2019 11:53:59 +0530
Subject: [PATCH] Gralloc: Fix out of bound read in private_handle_t.

Change-Id: I3d16321e29291007be0d8be11225f426ea0dd252
CRs-Fixed: 2337383
---
 gralloc/gr_priv_handle.h | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
index 39e5e20f..39e3460b 100644
--- a/gralloc/gr_priv_handle.h
+++ b/gralloc/gr_priv_handle.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
 * Not a Contribution
 *
 * Copyright (C) 2008 The Android Open Source Project
@@ -132,12 +132,14 @@ struct private_handle_t : public native_handle_t {
 static int validate(const native_handle *h) {
 auto *hnd = static_cast(h);
 if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
- h->numFds != kNumFds || hnd->magic != kMagic) {
- ALOGE(
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
- "magic(%c%c%c%c/%c%c%c%c)",
+ h->numFds != kNumFds) {
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
 h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
- h ? h->numFds : -1, kNumFds,
+ h ? h->numFds : -1, kNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != kMagic) {
+ ALOGE("handle = %p invalid magic(%c%c%c%c/%c%c%c%c)",hnd,
 hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
 hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
 hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',
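Review bot: The `hnd ? … : '?'` guards kept in the arguments of the new magic-mismatch `ALOGE` are dead code, because the early `return -EINVAL` added above already rejects a null `h`. They also obscure the ordering this fix depends on: `hnd->magic` is a `private_handle_t` field and may only be read once `version`, `numInts` and `numFds` have matched. I would drop the guards and state the invariant above the second check, e.g. `// magic is only safe to read after the header size checks above have passed`. Separately, the magic bytes are printed with `%c` straight from a handle that has just failed validation, so only a zero byte is mapped to `-`; logging the word as `%08x` would keep other non-printable bytes out of the log. The remainder of this `ALOGE` call and the return for the magic branch lie outside the hunk.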