From 69876c188bfc98081a46423f1285ff9dbee39e00 Mon Sep 17 00:00:00 2001 From: Subash Chander Date: Thu, 24 Jan 2019 15:33:57 +0530 Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call Validate buffer parameters like numInts, numFds, version etc of buffer handle while importing the buffer CRs-Fixed: 2337383 Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17 Signed-off-by: Subash Chander --- libgralloc/gralloc_priv.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h index a2c71a420..53c1c056e 100644 --- a/libgralloc/gralloc_priv.h +++ b/libgralloc/gralloc_priv.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 The Android Open Source Project - * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -257,16 +257,16 @@ struct private_handle_t : public native_handle { static int validate(const native_handle* h) { const private_handle_t* hnd = (const private_handle_t*)h; if (!h || h->version != sizeof(native_handle) || - h->numInts != sNumInts || h->numFds != sNumFds || - hnd->magic != sMagic) - { + h->numInts != sNumInts || h->numFds != sNumFds) { ALOGD("Invalid gralloc handle (at %p): " - "ver(%d/%zu) ints(%d/%d) fds(%d/%d)" - "magic(%c%c%c%c/%c%c%c%c)", - h, - h ? h->version : -1, sizeof(native_handle), + "ver(%d/%zu) ints(%d/%d) fds(%d/%d)", + h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, sNumInts, - h ? h->numFds : -1, sNumFds, + h ? h->numFds : -1, sNumFds); + return -EINVAL; + } + if (hnd->magic != sMagic) { + ALOGD("magic(%c%c%c%c/%c%c%c%c)", hnd ? (((hnd->magic >> 24) & 0xFF)? ((hnd->magic >> 24) & 0xFF) : '-') : '?', hnd ? (((hnd->magic >> 16) & 0xFF)?