Equalizer: Check value size for get preset name

Test: see CTS testAllEffectsEqualizer_CVE_2017_0401 Bug: 37536407 Change-Id: Ifa515dea10c9293022b7d0971d097f0bd727ac6c (cherry picked from commit 8cf151a63177247a370ecdef6f2e1ec0b80901d5) CVE-2017-0767
author: Andy Hung <hunga@google.com> 2017-05-16 15:30:17 -0700
committer: MSe <mse1969@posteo.de> 2017-09-15 23:30:28 +0200
commit: 77cb71f7094bdbd751631ac645e5f7b874c5c043 (patch)
tree: 6c682ede99ae59cb5787c47fcb2411e1633c8e02
parent: 318ae8ccdcb99621a02e887c92337e8a72fb1c57 (diff)
download: android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.gz
android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.bz2
android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c
index ee282390..ad297fdf 100644
--- a/post_proc/equalizer.c
+++ b/post_proc/equalizer.c
@@ -329,6 +329,13 @@ int equalizer_get_parameter(effect_context_t *context, effect_param_t *p,
                 }
                 break;
         }
+
+        if (p->vsize < 1) {
+            p->status = -EINVAL;
+            android_errorWriteLog(0x534e4554, "37536407");
+            break;
+        }
+
         name = (char *)value;
         strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1);
         name[p->vsize - 1] = 0;
author	Andy Hung <hunga@google.com>	2017-05-16 15:30:17 -0700
committer	MSe <mse1969@posteo.de>	2017-09-15 23:30:28 +0200
commit	77cb71f7094bdbd751631ac645e5f7b874c5c043 (patch)
tree	6c682ede99ae59cb5787c47fcb2411e1633c8e02
parent	318ae8ccdcb99621a02e887c92337e8a72fb1c57 (diff)
download	android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.gz android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.bz2 android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.zip