Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c168b8a5 authored by Michael Lentine's avatar Michael Lentine Committed by Dan Stoza
Browse files

Update maxNumber to be smaller. 

There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.

Cherry pick of I3a3e50ee3078a4710e9737114e65afc923ed0573

Bug: 18076253
Change-Id: I82a883572b401f115d252dcd3d00aa7252b49b0e
parent 3be1c6b6

libs/ui/GraphicBuffer.cpp

+5 −1
Original line number Diff line number Diff line
@@ -323,7 +323,11 @@ status_t GraphicBuffer::unflatten( 
    const size_t numFds  = static_cast<size_t>(buf[8]);

    const size_t numInts = static_cast<size_t>(buf[9]);



    const size_t maxNumber = UINT_MAX / sizeof(int);

    // Limit the maxNumber to be relatively small. The number of fds or ints

    // should not come close to this number, and the number itself was simply

    // chosen to be high enough to not cause issues and low enough to prevent

    // overflow problems.

    const size_t maxNumber = 4096;

    if (numFds >= maxNumber || numInts >= (maxNumber - 10)) {

        width = height = stride = format = usage = 0;

        handle = NULL;