diff options
author | Eino-Ville Talvala <etalvala@google.com> | 2016-08-16 15:48:05 -0700 |
---|---|---|
committer | Zach Jang <zachjang@google.com> | 2016-08-30 18:38:35 +0000 |
commit | 25773016a8175b8ebd5b875442e3f155830897f3 (patch) | |
tree | 9dd4d809c432c3b0da81e1e87996d5c85e2e9196 | |
parent | 0cc1982580e8c5c4df519b135b62c662158146b2 (diff) | |
download | android_system_media-25773016a8175b8ebd5b875442e3f155830897f3.tar.gz android_system_media-25773016a8175b8ebd5b875442e3f155830897f3.tar.bz2 android_system_media-25773016a8175b8ebd5b875442e3f155830897f3.zip |
Camera metadata: Check for inconsistent data count
Resolve merge conflict for nyc-release
Also check for overflow of data/entry count on append.
Bug: 30591838
Change-Id: Ibf4c3c6e236cdb28234f3125055d95ef0a2416a2
(cherry picked from commit e9e44f797742f52996ebf307740dad58c28fd9b5)
-rw-r--r-- | camera/src/camera_metadata.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/camera/src/camera_metadata.c b/camera/src/camera_metadata.c index c58a9669..ee39931f 100644 --- a/camera/src/camera_metadata.c +++ b/camera/src/camera_metadata.c @@ -14,6 +14,7 @@ * limitations under the License. */ +#define _GNU_SOURCE // for fdprintf #include <inttypes.h> #include <system/camera_metadata.h> #include <camera_metadata_hidden.h> @@ -357,8 +358,15 @@ int validate_camera_metadata_structure(const camera_metadata_t *metadata, return ERROR; } - const metadata_uptrdiff_t entries_end = - metadata->entries_start + metadata->entry_capacity; + if (metadata->data_count > metadata->data_capacity) { + ALOGE("%s: Data count (%" PRIu32 ") should be <= data capacity " + "(%" PRIu32 ")", + __FUNCTION__, metadata->data_count, metadata->data_capacity); + android_errorWriteLog(SN_EVENT_LOG_ID, "30591838"); + return ERROR; + } + + const metadata_uptrdiff_t entries_end = metadata->entries_start + metadata->entry_capacity; if (entries_end < metadata->entries_start || // overflow check entries_end > metadata->data_start) { @@ -459,6 +467,10 @@ int append_camera_metadata(camera_metadata_t *dst, const camera_metadata_t *src) { if (dst == NULL || src == NULL ) return ERROR; + // Check for overflow + if (src->entry_count + dst->entry_count < src->entry_count) return ERROR; + if (src->data_count + dst->data_count < src->data_count) return ERROR; + // Check for space if (dst->entry_capacity < src->entry_count + dst->entry_count) return ERROR; if (dst->data_capacity < src->data_count + dst->data_count) return ERROR; |