diff options
| author | Andy Hung <hunga@google.com> | 2016-04-29 21:47:35 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-04-29 21:47:35 +0000 |
| commit | 4005e7e7d24fa0fe0ab8e8c40b75a5ecf63f5db4 (patch) | |
| tree | f2d27f594c7d1fb912ab82b872a9773a06b743fc /voice_processing | |
| parent | 37c60b911b4b1a909c4b9828ff396a162cd5a240 (diff) | |
| parent | 1015d94fb02b3213c22c9ac4a16b20c4ed9498b6 (diff) | |
| download | android_hardware_qcom_audio-4005e7e7d24fa0fe0ab8e8c40b75a5ecf63f5db4.tar.gz android_hardware_qcom_audio-4005e7e7d24fa0fe0ab8e8c40b75a5ecf63f5db4.tar.bz2 android_hardware_qcom_audio-4005e7e7d24fa0fe0ab8e8c40b75a5ecf63f5db4.zip | |
Fix AudioEffect reply overflow
am: 1015d94fb0
* commit '1015d94fb02b3213c22c9ac4a16b20c4ed9498b6':
Fix AudioEffect reply overflow
Change-Id: I1cdbbe3691fd96b4ee957d848e7ebf68ebc9867f
Diffstat (limited to 'voice_processing')
| -rw-r--r-- | voice_processing/voice_processing.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/voice_processing/voice_processing.c b/voice_processing/voice_processing.c index b3f97c6a..7d2b5929 100644 --- a/voice_processing/voice_processing.c +++ b/voice_processing/voice_processing.c @@ -560,7 +560,9 @@ static int fx_command(effect_handle_t self, if (pCmdData == NULL || cmdSize < (int)sizeof(effect_param_t) || pReplyData == NULL || - *replySize < (int)sizeof(effect_param_t)) { + *replySize < (int)sizeof(effect_param_t) || + // constrain memcpy below + ((effect_param_t *)pCmdData)->psize > *replySize - sizeof(effect_param_t)) { ALOGV("fx_command() EFFECT_CMD_GET_PARAM invalid args"); return -EINVAL; } |