From 36dd3c28898248fe5ecb7e256025499bb8d6275a Mon Sep 17 00:00:00 2001
From: Sergio Giro <sgiro@google.com>
Date: Tue, 28 Jun 2016 18:24:52 +0100
Subject: Add bound checks to utf16_to_utf8

Bug: 29250543
Change-Id: I3518416e89ed901021970958fb6005fd69129f7c
(cherry picked from commit 1d3f4278b2666d1a145af2f54782c993aa07d1d9)
---
 media/libmediaplayerservice/MediaPlayerService.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'media/libmediaplayerservice')

diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp
index bcfd83a..b8c610d 100644
--- a/media/libmediaplayerservice/MediaPlayerService.cpp
+++ b/media/libmediaplayerservice/MediaPlayerService.cpp
@@ -237,7 +237,8 @@ void unmarshallAudioAttributes(const Parcel& parcel, audio_attributes_t *attribu
             // copying array size -1, array for tags was calloc'd, no need to NULL-terminate it
             size_t tagSize = realTagSize > AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 ?
                     AUDIO_ATTRIBUTES_TAGS_MAX_SIZE - 1 : realTagSize;
-            utf16_to_utf8(tags.string(), tagSize, attributes->tags);
+            utf16_to_utf8(tags.string(), tagSize, attributes->tags,
+                    sizeof(attributes->tags) / sizeof(attributes->tags[0]));
         }
     } else {
         ALOGE("unmarshallAudioAttributes() received unflattened tags, ignoring tag values");
-- 
cgit v1.1