DivestOS/Patches/LineageOS-14.1/android_hardware_qcom_display/227624.patch

30 lines
1.2 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2021-07-09 21:04:08 -04:00
From: Courtney Goeltzenleuchter <courtneygo@google.com>
Date: Thu, 24 May 2018 08:23:55 -0600
Subject: [PATCH] Fix Buffer Overflow in Vendor Service display.qservice
Bug: 63145942
Test: adb shell vndservice call display.qservice 36 s16 sdlkfjsadlfkjasdf
Change-Id: I3fdf5ccd2bf4ed0fa980883fefdb57eb5fbfeee7
(cherry picked from commit 4050091844ccd427587024e5fd916113a5cc0029)
---
sdm/libs/hwc2/hwc_session.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sdm/libs/hwc2/hwc_session.cpp b/sdm/libs/hwc2/hwc_session.cpp
index 5f825c19b..e4b687d6b 100644
--- a/sdm/libs/hwc2/hwc_session.cpp
+++ b/sdm/libs/hwc2/hwc_session.cpp
@@ -1226,6 +1226,11 @@ android::status_t HWCSession::SetColorModeOverride(const android::Parcel *input_
auto display = static_cast<hwc2_display_t >(input_parcel->readInt32());
auto mode = static_cast<android_color_mode_t>(input_parcel->readInt32());
auto device = static_cast<hwc2_device_t *>(this);
+
+ if (display > HWC_DISPLAY_VIRTUAL) {
+ return -EINVAL;
+ }
+
auto err = CallDisplayFunction(device, display, &HWCDisplay::SetColorMode, mode);
if (err != HWC2_ERROR_NONE)
return -EINVAL;