diff options
| author | Andy Hung <hunga@google.com> | 2016-04-28 13:43:44 -0700 |
|---|---|---|
| committer | Michael Bestas <mikeioannina@cyanogenmod.org> | 2016-07-25 23:14:51 +0300 |
| commit | 29b43a5f819aa6a9fca88aae6d2f53e9e0b3d082 (patch) | |
| tree | 48f8e0be550ff92ffad09a3d76a2ffc5c1335f5e | |
| parent | 68d0fd75a73c04bee94560b13bca5b325b3ef87d (diff) | |
| download | android_hardware_qcom_audio-29b43a5f819aa6a9fca88aae6d2f53e9e0b3d082.tar.gz android_hardware_qcom_audio-29b43a5f819aa6a9fca88aae6d2f53e9e0b3d082.tar.bz2 android_hardware_qcom_audio-29b43a5f819aa6a9fca88aae6d2f53e9e0b3d082.zip | |
DO NOT MERGE Fix AudioEffect reply overflowcm-11.0
Bug: 28173666
Change-Id: I055af37a721b20c5da0f1ec4b02f630dcd5aee02
(cherry picked from commit 7ffa39c45458a3e39210304ef8f5173b52ba486a)
| -rw-r--r-- | voice_processing/voice_processing.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/voice_processing/voice_processing.c b/voice_processing/voice_processing.c index 08acdb4f..e556333c 100644 --- a/voice_processing/voice_processing.c +++ b/voice_processing/voice_processing.c @@ -559,7 +559,9 @@ static int fx_command(effect_handle_t self, if (pCmdData == NULL || cmdSize < (int)sizeof(effect_param_t) || pReplyData == NULL || - *replySize < (int)sizeof(effect_param_t)) { + *replySize < (int)sizeof(effect_param_t) || + // constrain memcpy below + ((effect_param_t *)pCmdData)->psize > *replySize - sizeof(effect_param_t)) { ALOGV("fx_command() EFFECT_CMD_GET_PARAM invalid args"); return -EINVAL; } |