Merge "AImageDecoder: Make create enforce int32_t dimensions"

author: Leon Scroggins <scroggo@google.com> 2020-02-12 15:41:51 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-02-12 15:41:51 +0000
commit: 69b9dcf528137fabb0214427457518e03cd2c682 (patch)
tree: 949bd826722a429f18a2de1808947b08ba3314f7 /native/graphics
parent: 9ab79433f74c3d3f670f3b036f9c35ad254ba877 (diff)
parent: 2e6bedf937c7fd62a044d873422561d9b1e2e245 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/native/graphics/jni/imagedecoder.cpp b/native/graphics/jni/imagedecoder.cpp
index 2e4d2140809e..d1946b085df4 100644
--- a/native/graphics/jni/imagedecoder.cpp
+++ b/native/graphics/jni/imagedecoder.cpp
@@ -28,6 +28,7 @@
 #include <utils/Color.h>
 
 #include <fcntl.h>
+#include <limits>
 #include <optional>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -70,6 +71,14 @@ static int createFromStream(std::unique_ptr<SkStreamRewindable> stream, AImageDe
         return ResultToErrorCode(result);
     }
 
+    // AImageDecoderHeaderInfo_getWidth/Height return an int32_t. Ensure that
+    // the conversion is safe.
+    const auto& info = androidCodec->getInfo();
+    if (info.width() > std::numeric_limits<int32_t>::max()
+        || info.height() > std::numeric_limits<int32_t>::max()) {
+        return ANDROID_IMAGE_DECODER_INVALID_INPUT;
+    }
+
     *outDecoder = reinterpret_cast<AImageDecoder*>(new ImageDecoder(std::move(androidCodec)));
     return ANDROID_IMAGE_DECODER_SUCCESS;
 }
author	Leon Scroggins <scroggo@google.com>	2020-02-12 15:41:51 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-02-12 15:41:51 +0000
commit	69b9dcf528137fabb0214427457518e03cd2c682 (patch)
tree	949bd826722a429f18a2de1808947b08ba3314f7 /native/graphics
parent	9ab79433f74c3d3f670f3b036f9c35ad254ba877 (diff)
parent	2e6bedf937c7fd62a044d873422561d9b1e2e245 (diff)