Gralloc: Fix out of bound read in private_handle_t.
Change-Id: I3d16321e29291007be0d8be11225f426ea0dd252
CRs-Fixed: 2337383
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
index 39e5e20..39e3460 100644
--- a/gralloc/gr_priv_handle.h
+++ b/gralloc/gr_priv_handle.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
* Not a Contribution
*
* Copyright (C) 2008 The Android Open Source Project
@@ -132,12 +132,14 @@
static int validate(const native_handle *h) {
auto *hnd = static_cast<const private_handle_t *>(h);
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
- h->numFds != kNumFds || hnd->magic != kMagic) {
- ALOGE(
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
- "magic(%c%c%c%c/%c%c%c%c)",
+ h->numFds != kNumFds) {
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
- h ? h->numFds : -1, kNumFds,
+ h ? h->numFds : -1, kNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != kMagic) {
+ ALOGE("handle = %p invalid magic(%c%c%c%c/%c%c%c%c)",hnd,
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',
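Review bot: The `hnd ? ... : '?'` guards in the new magic-mismatch ALOGE (the arguments starting at `hnd ? (((hnd->magic >> 24) & 0xFF)`) are dead code. `hnd->magic` is already dereferenced in `if (hnd->magic != kMagic)`, and `h` is known to be non-null once the first block has returned. Keeping them implies `hnd` can be null here and obscures the invariant the fix relies on, which is that magic is read and logged only after the `version`/`numInts`/`numFds` checks pass. I would drop the ternary guards and state the invariant above the second check, e.g. `// version/numInts/numFds validated above, so hnd->magic lies within the declared handle size`, and fix the spacing in `,hnd` to `, hnd`. The ALOGE call and the rest of validate() continue outside the hunk.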