diff options
author | Andy Hung <hunga@google.com> | 2017-05-16 15:30:17 -0700 |
---|---|---|
committer | MSe <mse1969@posteo.de> | 2017-09-15 23:30:28 +0200 |
commit | 77cb71f7094bdbd751631ac645e5f7b874c5c043 (patch) | |
tree | 6c682ede99ae59cb5787c47fcb2411e1633c8e02 | |
parent | 318ae8ccdcb99621a02e887c92337e8a72fb1c57 (diff) | |
download | android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.gz android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.tar.bz2 android_hardware_qcom_audio-77cb71f7094bdbd751631ac645e5f7b874c5c043.zip |
Equalizer: Check value size for get preset name
Test: see CTS testAllEffectsEqualizer_CVE_2017_0401
Bug: 37536407
Change-Id: Ifa515dea10c9293022b7d0971d097f0bd727ac6c
(cherry picked from commit 8cf151a63177247a370ecdef6f2e1ec0b80901d5)
CVE-2017-0767
-rw-r--r-- | post_proc/equalizer.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c index ee282390..ad297fdf 100644 --- a/post_proc/equalizer.c +++ b/post_proc/equalizer.c @@ -329,6 +329,13 @@ int equalizer_get_parameter(effect_context_t *context, effect_param_t *p, } break; } + + if (p->vsize < 1) { + p->status = -EINVAL; + android_errorWriteLog(0x534e4554, "37536407"); + break; + } + name = (char *)value; strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1); name[p->vsize - 1] = 0; |