Snap for 9049251 from e045d9f873f2232e18b5a56db180af409b19b614 to mainline-media-swcodec-release
Change-Id: If92d6abc965115b6f39d571d1ded4ae3509e8380
diff --git a/gralloc4/src/hidl_common/Allocator.cpp b/gralloc4/src/hidl_common/Allocator.cpp
index 6ca758a..3b8e62a 100644
--- a/gralloc4/src/hidl_common/Allocator.cpp
+++ b/gralloc4/src/hidl_common/Allocator.cpp
@@ -77,7 +77,17 @@
auto hnd = const_cast<private_handle_t *>(reinterpret_cast<const private_handle_t *>(tmpBuffer));
hnd->imapper_version = HIDL_MAPPER_VERSION_SCALED;
+ // 4k is rougly 7.9 MB with one byte per pixel. We are
+ // assuming that the reserved region might be needed for
+ // dynamic HDR and that represents the largest size.
+ uint64_t max_reserved_region_size = 8ull * 1024 * 1024;
hnd->reserved_region_size = bufferDescriptor.reserved_size;
+ if (hnd->reserved_region_size > max_reserved_region_size) {
+ MALI_GRALLOC_LOGE("%s, Requested reserved region size (%" PRIu64 ") is larger than allowed (%" PRIu64 ")",
+ __func__, hnd->reserved_region_size, max_reserved_region_size);
+ error = Error::BAD_VALUE;
+ break;
+ }
hnd->attr_size = mapper::common::shared_metadata_size() + hnd->reserved_region_size;
if (hnd->get_usage() & GRALLOC_USAGE_ROIINFO)
