Equalizer: Check value size for get preset name

Test: see CTS testAllEffectsEqualizer_CVE_2017_0401 Bug: 37536407 Change-Id: Ifa515dea10c9293022b7d0971d097f0bd727ac6c (cherry picked from commit 8cf151a63177247a370ecdef6f2e1ec0b80901d5) CVE-2017-0767
author: Andy Hung <hunga@google.com> 2017-05-16 15:30:17 -0700
committer: MSe <mse1969@posteo.de> 2017-09-15 23:30:20 +0200
commit: 3a48b350bd57248fc0646a6c69fc0afe09721ce4 (patch)
tree: 3f58db2d74b39c986e965b53112264978c05da4b
parent: e62c87b18ce4885b290299a24f42dd2311f86e9b (diff)
download: hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.gz
hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.bz2
hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c
index 17993ee4..8d48b024 100644
--- a/post_proc/equalizer.c
+++ b/post_proc/equalizer.c
@@ -327,6 +327,13 @@ int equalizer_get_parameter(effect_context_t *context, effect_param_t *p,
                 }
                 break;
         }
+
+        if (p->vsize < 1) {
+            p->status = -EINVAL;
+            android_errorWriteLog(0x534e4554, "37536407");
+            break;
+        }
+
         name = (char *)value;
         strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1);
         name[p->vsize - 1] = 0;
author	Andy Hung <hunga@google.com>	2017-05-16 15:30:17 -0700
committer	MSe <mse1969@posteo.de>	2017-09-15 23:30:20 +0200
commit	3a48b350bd57248fc0646a6c69fc0afe09721ce4 (patch)
tree	3f58db2d74b39c986e965b53112264978c05da4b
parent	e62c87b18ce4885b290299a24f42dd2311f86e9b (diff)
download	hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.gz hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.bz2 hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.zip