Bug 1145389 - Add gralloc allocation requet size check r=nical
authorSotaro Ikeda <sikeda@mozilla.com>
Wed, 25 Mar 2015 18:05:11 -0700
changeset 264624 628e263e2205022d933a57cf7a4baca14835c9a0
parent 264623 05dcd4a98b9725c8d93f35abf48d2b014c420626
child 264625 f778ed14214557aa9c07aecea6b4ee42e769d8af
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
treeherdermozilla-beta@c20c4ef55f08 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnical
bugs1145389
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1145389 - Add gralloc allocation requet size check r=nical
gfx/layers/ipc/SharedBufferManagerParent.cpp
--- a/gfx/layers/ipc/SharedBufferManagerParent.cpp
+++ b/gfx/layers/ipc/SharedBufferManagerParent.cpp
@@ -208,17 +208,22 @@ PSharedBufferManagerParent* SharedBuffer
 bool SharedBufferManagerParent::RecvAllocateGrallocBuffer(const IntSize& aSize, const uint32_t& aFormat, const uint32_t& aUsage, mozilla::layers::MaybeMagicGrallocBufferHandle* aHandle)
 {
 #ifdef MOZ_HAVE_SURFACEDESCRIPTORGRALLOC
 
   *aHandle = null_t();
 
   if (aFormat == 0 || aUsage == 0) {
     printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- format and usage must be non-zero");
-    return true;
+    return false;
+  }
+
+  if (aSize.width <= 0 || aSize.height <= 0) {
+    printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- requested gralloc buffer size is invalid");
+    return false;
   }
 
   // If the requested size is too big (i.e. exceeds the commonly used max GL texture size)
   // then we risk OOMing the parent process. It's better to just deny the allocation and
   // kill the child process, which is what the following code does.
   // TODO: actually use GL_MAX_TEXTURE_SIZE instead of hardcoding 4096
   if (aSize.width > 4096 || aSize.height > 4096) {
     printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- requested gralloc buffer is too big.");