diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-03 23:21:33 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-03 23:21:33 +0000 |
commit | 0dc11982cb156511934836e14f39a7601cc16207 (patch) | |
tree | 89758523c7e9d1df3e20343f63d7745ff2fccaf8 | |
parent | 26a9cc19b6a4b6e057015d70d0d48b93ec56dcef (diff) | |
parent | d07ee2bceba5315a7cbb08a8f60acaddc894813d (diff) | |
download | gchips-android13-d4-s2-release.tar.gz |
Snap for 9133013 from d07ee2bceba5315a7cbb08a8f60acaddc894813d to tm-d4-releaseandroid-13.0.0_r48android-13.0.0_r47android-13.0.0_r46android13-d4-s2-releaseandroid13-d4-s1-releaseandroid13-d4-release
Change-Id: Ibf940a71d886c1bd24ae0e947eea87e82b6c4589
-rw-r--r-- | gralloc4/src/hidl_common/BufferDescriptor.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/gralloc4/src/hidl_common/BufferDescriptor.h b/gralloc4/src/hidl_common/BufferDescriptor.h index abaac62..0d93811 100644 --- a/gralloc4/src/hidl_common/BufferDescriptor.h +++ b/gralloc4/src/hidl_common/BufferDescriptor.h @@ -104,6 +104,7 @@ static uint64_t pop_descriptor_uint64(const hidl_vec<vecT> &vec, size_t *pos) return val; } +// There can only be one string at the end of the descriptor static void push_descriptor_string(hidl_vec<uint8_t> *vec, size_t *pos, const std::string &str) { strcpy(reinterpret_cast<char *>(vec->data() + *pos), str.c_str()); @@ -155,12 +156,18 @@ static bool grallocDecodeBufferDescriptor(const hidl_vec<vecT> &androidDescripto size_t pos = 0; if (((DESCRIPTOR_32BIT_FIELDS * sizeof(uint32_t) / sizeof(vecT)) + - (DESCRIPTOR_64BIT_FIELDS * sizeof(uint64_t) / sizeof(vecT))) > androidDescriptor.size()) + (DESCRIPTOR_64BIT_FIELDS * sizeof(uint64_t) / sizeof(vecT))) + + sizeof('\0') > androidDescriptor.size()) { MALI_GRALLOC_LOGE("Descriptor is too small"); return false; } + if (static_cast<char>(androidDescriptor[androidDescriptor.size() - 1]) != '\0') { + MALI_GRALLOC_LOGE("Descriptor does not contain an ending null character"); + return false; + } + if (pop_descriptor_uint32(androidDescriptor, &pos) != HIDL_MAPPER_VERSION_SCALED / 10) { MALI_GRALLOC_LOGE("Corrupted buffer version in descriptor = %p, pid = %d ", &androidDescriptor, getpid()); |