Bug 1145389 - Add gralloc allocation requet size check r=nical
authorSotaro Ikeda <sikeda@mozilla.com>
Wed, 25 Mar 2015 18:05:11 -0700
changeset 266086 628e263e2205022d933a57cf7a4baca14835c9a0
parent 266085 05dcd4a98b9725c8d93f35abf48d2b014c420626
child 266087 f778ed14214557aa9c07aecea6b4ee42e769d8af
push id830
push userraliiev@mozilla.com
push dateFri, 19 Jun 2015 19:24:37 +0000
treeherdermozilla-release@932614382a68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnical
bugs1145389
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1145389 - Add gralloc allocation requet size check r=nical
gfx/layers/ipc/SharedBufferManagerParent.cpp
--- a/gfx/layers/ipc/SharedBufferManagerParent.cpp
+++ b/gfx/layers/ipc/SharedBufferManagerParent.cpp
@@ -208,17 +208,22 @@ PSharedBufferManagerParent* SharedBuffer
 bool SharedBufferManagerParent::RecvAllocateGrallocBuffer(const IntSize& aSize, const uint32_t& aFormat, const uint32_t& aUsage, mozilla::layers::MaybeMagicGrallocBufferHandle* aHandle)
 {
 #ifdef MOZ_HAVE_SURFACEDESCRIPTORGRALLOC
 
   *aHandle = null_t();
 
   if (aFormat == 0 || aUsage == 0) {
     printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- format and usage must be non-zero");
-    return true;
+    return false;
+  }
+
+  if (aSize.width <= 0 || aSize.height <= 0) {
+    printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- requested gralloc buffer size is invalid");
+    return false;
   }
 
   // If the requested size is too big (i.e. exceeds the commonly used max GL texture size)
   // then we risk OOMing the parent process. It's better to just deny the allocation and
   // kill the child process, which is what the following code does.
   // TODO: actually use GL_MAX_TEXTURE_SIZE instead of hardcoding 4096
   if (aSize.width > 4096 || aSize.height > 4096) {
     printf_stderr("SharedBufferManagerParent::RecvAllocateGrallocBuffer -- requested gralloc buffer is too big.");