diff options
| author | Andy Hung <hunga@google.com> | 2016-11-04 19:40:53 -0700 |
|---|---|---|
| committer | Abhisek Devkota <ciwrl@lineageos.org> | 2017-02-03 23:17:47 +0000 |
| commit | 178e1e1e6a4fd7c3cc284858c6f56ddf7e2697c3 (patch) | |
| tree | 4f73fff681d89c1630a559c8f20d7e1281982220 | |
| parent | b4a6b14b4bbd839fff29d176a0e318d2720a79ec (diff) | |
| download | frameworks_av-178e1e1e6a4fd7c3cc284858c6f56ddf7e2697c3.zip frameworks_av-178e1e1e6a4fd7c3cc284858c6f56ddf7e2697c3.tar.gz frameworks_av-178e1e1e6a4fd7c3cc284858c6f56ddf7e2697c3.tar.bz2 | |
Effects: Check get parameter command size
Test: Custom test.
Bug: 32438594
Bug: 32624850
Bug: 32635664
Change-Id: I9b1315e2c02f11bea395bfdcf5c1ccddccbad8a6
(cherry picked from commit 3d34cc76e315dfa8c3b1edf78835b0dab4980505)
(cherry picked from commit 26965db50a617f69bdefca0d7533796c80374f2c)
| -rw-r--r-- | services/audioflinger/Effects.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/services/audioflinger/Effects.cpp b/services/audioflinger/Effects.cpp index 5505d2e..d46c10e 100644 --- a/services/audioflinger/Effects.cpp +++ b/services/audioflinger/Effects.cpp @@ -571,6 +571,13 @@ status_t AudioFlinger::EffectModule::command(uint32_t cmdCode, android_errorWriteLog(0x534e4554, "29251553"); return -EINVAL; } + if (cmdCode == EFFECT_CMD_GET_PARAM && + (sizeof(effect_param_t) > cmdSize || + ((effect_param_t *)pCmdData)->psize > cmdSize + - sizeof(effect_param_t))) { + android_errorWriteLog(0x534e4554, "32438594"); + return -EINVAL; + } if ((cmdCode == EFFECT_CMD_SET_PARAM || cmdCode == EFFECT_CMD_SET_PARAM_DEFERRED) && // DEFERRED not generally used (sizeof(effect_param_t) > cmdSize |