DivestOS/Patches/LineageOS-14.1/android_hardware_qcom_display/227623.patch
Tad 4ce35a3c60 Refresh most branch specific patches
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00

32 lines
1.1 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Courtney Goeltzenleuchter <courtneygo@google.com>
Date: Thu, 24 May 2018 08:23:55 -0600
Subject: [PATCH] Fix Buffer Overflow in Vendor Service display.qservice
Bug: 63145942
Test: adb shell vndservice call display.qservice 36 s16 sdlkfjsadlfkjasdf
Change-Id: I3fdf5ccd2bf4ed0fa980883fefdb57eb5fbfeee7
(cherry picked from commit 4050091844ccd427587024e5fd916113a5cc0029)
---
sdm/libs/hwc2/hwc_session.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sdm/libs/hwc2/hwc_session.cpp b/sdm/libs/hwc2/hwc_session.cpp
index d3c13eee9..90aa4f219 100644
--- a/sdm/libs/hwc2/hwc_session.cpp
+++ b/sdm/libs/hwc2/hwc_session.cpp
@@ -1240,6 +1240,10 @@ android::status_t HWCSession::SetColorModeOverride(const android::Parcel *input_
auto mode = static_cast<android_color_mode_t>(input_parcel->readInt32());
auto device = static_cast<hwc2_device_t *>(this);
+ if (display > HWC_DISPLAY_VIRTUAL) {
+ return -EINVAL;
+ }
+
if (display >= HWC_NUM_DISPLAY_TYPES) {
return -EINVAL;
}
--
2.31.1