From 38add157784a2bb5ddb13558573ece99229bb3b0 Mon Sep 17 00:00:00 2001
From: Leon Scroggins III
Date: Fri, 29 May 2015 16:13:11 -0400
Subject: DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes
bug: 20883006
Change-Id: I4f109667fb210a80fbddddf5f1bfb7ef3a02b6ce
Conflicts: core/jni/android/graphics/Region.cpp
---
 core/jni/android/graphics/Region.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 6ba4de2..81c386f 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -181,7 +181,12 @@ static SkRegion* Region_createFromParcel(JNIEnv* env, jobject clazz, jobject par
 return NULL;
 }
 SkRegion* region = new SkRegion;
- region->unflatten(regionData);
+ size_t actualSize = region->unflatten(regionData);
+
+ if (size != actualSize) {
+ delete region;
+ return NULL;
+ }
 return region;
 }
--
cgit v1.1
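Review bot: The new `size != actualSize` check runs only after `region->unflatten(regionData)` has already parsed the parcel buffer, so it rejects a mismatched region but cannot stop `unflatten` from reading past `size` bytes if it trusts a count embedded in the data (its implementation is not visible here, so this is inferred). If the Skia on this branch has a length-bounded reader, prefer it, e.g. `size_t actualSize = region->readFromMemory(regionData, size);`, and keep the equality check as a second line of defence. Region_createFromParcel begins above the hunk, where `size` and `regionData` are declared; if `size` is a signed type, the comparison mixes signedness and a negative length should be rejected before `unflatten` is called. A short comment such as `// Reject parcels whose declared length differs from the bytes actually deserialized.` above the `if` would record why the check exists.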