diff options
| author | 2020-03-03 12:51:24 -0800 | |
|---|---|---|
| committer | 2020-03-04 20:02:55 +0000 | |
| commit | 0a52509e8cdc6da93daab9c34fdbb63232fa8adf (patch) | |
| tree | 1a1a84efee0347d90ac0491b092d1d49d97328d6 /services/surfaceflinger/SurfaceFlinger.cpp | |
| parent | 5fad64e09b8a02d4cc14475a92aa612e38cd39f1 (diff) | |
ISurfaceComposer: boundary check input on CAPTURE_LAYERS
Add a sanity check on numExcludeHandles to make sure we don't cause
an overflow.
Test: adb shell /data/nativetest64/SurfaceFlinger_test/SurfaceFlinger_test
Fixes: 146435753
Change-Id: I2c700392727e2f4e0e434fb4c1800f2973c7418b
Merged-In: I2c700392727e2f4e0e434fb4c1800f2973c7418b
Diffstat (limited to 'services/surfaceflinger/SurfaceFlinger.cpp')
| -rw-r--r-- | services/surfaceflinger/SurfaceFlinger.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index 27bd53cc29..385a093ae8 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -367,7 +367,7 @@ SurfaceFlinger::SurfaceFlinger(Factory& factory) : SurfaceFlinger(factory, SkipI property_get("ro.sf.blurs_are_expensive", value, "0"); mBlursAreExpensive = atoi(value); - const size_t defaultListSize = MAX_LAYERS; + const size_t defaultListSize = ISurfaceComposer::MAX_LAYERS; auto listSize = property_get_int32("debug.sf.max_igbp_list_size", int32_t(defaultListSize)); mMaxGraphicBufferProducerListSize = (listSize > 0) ? size_t(listSize) : defaultListSize; @@ -3066,9 +3066,9 @@ status_t SurfaceFlinger::addClientLayer(const sp<Client>& client, const sp<IBind parent = parentLayer; } - if (mNumLayers >= MAX_LAYERS) { + if (mNumLayers >= ISurfaceComposer::MAX_LAYERS) { ALOGE("AddClientLayer failed, mNumLayers (%zu) >= MAX_LAYERS (%zu)", mNumLayers.load(), - MAX_LAYERS); + ISurfaceComposer::MAX_LAYERS); return NO_MEMORY; } |