Equalizer: Check value size for get preset name

Test: see CTS testAllEffectsEqualizer_CVE_2017_0401 Bug: 37536407 Change-Id: Ifa515dea10c9293022b7d0971d097f0bd727ac6c (cherry picked from commit 8cf151a63177247a370ecdef6f2e1ec0b80901d5) (cherry picked from commit 01e8f3b2af9a016bdcfd0f9122f63d426dfaf55b)
author: Andy Hung <hunga@google.com> 2017-05-16 15:30:17 -0700
committer: Arne Coucheron <arco68@gmail.com> 2019-09-28 00:23:56 +0200
commit: b75b9901c7529d54bec044b1c611de18645f6c8e (patch)
tree: 222d221effd897938afc821b490bea7cd325d669
parent: 027d30204dcadcd86321058783276c6530c49021 (diff)
download: hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.tar.gz
hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.tar.bz2
hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c
index ee282390..ad297fdf 100644
--- a/post_proc/equalizer.c
+++ b/post_proc/equalizer.c
@@ -329,6 +329,13 @@ int equalizer_get_parameter(effect_context_t *context, effect_param_t *p,
                 }
                 break;
         }
+
+        if (p->vsize < 1) {
+            p->status = -EINVAL;
+            android_errorWriteLog(0x534e4554, "37536407");
+            break;
+        }
+
         name = (char *)value;
         strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1);
         name[p->vsize - 1] = 0;
author	Andy Hung <hunga@google.com>	2017-05-16 15:30:17 -0700
committer	Arne Coucheron <arco68@gmail.com>	2019-09-28 00:23:56 +0200
commit	b75b9901c7529d54bec044b1c611de18645f6c8e (patch)
tree	222d221effd897938afc821b490bea7cd325d669
parent	027d30204dcadcd86321058783276c6530c49021 (diff)
download	hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.tar.gz hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.tar.bz2 hardware_qcom_audio-b75b9901c7529d54bec044b1c611de18645f6c8e.zip