From 295c883fe3105b19bcd0f9e07d54c6b589fc5bff Mon Sep 17 00:00:00 2001
From: Marco Nelissen
Date: Mon, 29 Feb 2016 12:47:20 -0800
Subject: DO NOT MERGE Verify OMX buffer sizes prior to access
Bug: 27207275
Change-Id: I4412825d1ee233d993af0a67708bea54304ff62d
---
 media/libstagefright/include/SoftOMXComponent.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'media/libstagefright/include/SoftOMXComponent.h')
diff --git a/media/libstagefright/include/SoftOMXComponent.h b/media/libstagefright/include/SoftOMXComponent.h
index a808611..3ab6f88 100644
--- a/media/libstagefright/include/SoftOMXComponent.h
+++ b/media/libstagefright/include/SoftOMXComponent.h
@@ -168,6 +168,22 @@ private:
 DISALLOW_EVIL_CONSTRUCTORS(SoftOMXComponent);
 };
+template
+bool isValidOMXParam(T *a) {
+ static_assert(offsetof(typeof(*a), nSize) == 0, "nSize not at offset 0");
+ static_assert(std::is_same< decltype(a->nSize), OMX_U32>::value, "nSize has wrong type");
+ static_assert(offsetof(typeof(*a), nVersion) == 4, "nVersion not at offset 4");
+ static_assert(std::is_same< decltype(a->nVersion), OMX_VERSIONTYPE>::value,
+ "nVersion has wrong type");
+
+ if (a->nSize < sizeof(*a)) {
+ ALOGE("b/27207275: need %zu, got %u", sizeof(*a), a->nSize);
+ android_errorWriteLog(0x534e4554, "27207275");
+ return false;
+ }
+ return true;
+}
+
 } // namespace android
 #endif // SOFT_OMX_COMPONENT_H_
-- 
cgit v1.1
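Review bot: `isValidOMXParam` compares `sizeof(*a)` only with the `nSize` field stored inside the structure, a value set by whoever filled the buffer, so the check is sound only if the real length of the memory behind `a` was already checked against `nSize` before this call; the helper takes no length argument and cannot check that itself. Whether the callers do so is not visible in this hunk, so I would state the precondition above the template, e.g. `// Caller must already have verified that the buffer behind |a| is at least a->nSize bytes long; this only checks the self-reported size.` `a` is also dereferenced without a null check, so either add `if (a == NULL) return false;` ahead of the size test or document that a null pointer is not accepted. As a point of style, `typeof` is a GNU extension while the neighbouring assertions already use `decltype`; `offsetof(T, nSize)` and `offsetof(T, nVersion)` express the same layout checks portably.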