LineageOS/android_vendor_qcom_opensource_display-commonsys-intf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Gralloc: Fix out of bound read in private_handle_t.

Browse Source 
Change-Id: I3d16321e29291007be0d8be11225f426ea0dd252
CRs-Fixed: 2337383
This commit is contained in:
Ramakant Singh
2019-01-02 11:53:59 +05:30
committed by Gerrit - the friendly Code Review server
parent 30512b61ea
commit 20b6c8c4b9
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
gralloc/gr_priv_handle.h
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
* Not a Contribution * Not a Contribution
* *
* Copyright (C) 2008 The Android Open Source Project * Copyright (C) 2008 The Android Open Source Project
@@ -132,12 +132,14 @@ struct private_handle_t : public native_handle_t {
static int validate(const native_handle *h) { static int validate(const native_handle *h) {
auto *hnd = static_cast<const private_handle_t *>(h); auto *hnd = static_cast<const private_handle_t *>(h);
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() || if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
h->numFds != kNumFds || hnd->magic != kMagic) { h->numFds != kNumFds) {
ALOGE( ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
"Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
"magic(%c%c%c%c/%c%c%c%c)",
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(), h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
h ? h->numFds : -1, kNumFds, h ? h->numFds : -1, kNumFds);
return -EINVAL;
}
if (hnd->magic != kMagic) {
ALOGE("handle = %p invalid magic(%c%c%c%c/%c%c%c%c)",hnd,
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?', hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?', hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?', hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',