diff options
author | Andy Hung <hunga@google.com> | 2017-05-16 15:30:17 -0700 |
---|---|---|
committer | MSe <mse1969@posteo.de> | 2017-09-15 23:30:20 +0200 |
commit | 3a48b350bd57248fc0646a6c69fc0afe09721ce4 (patch) | |
tree | 3f58db2d74b39c986e965b53112264978c05da4b | |
parent | e62c87b18ce4885b290299a24f42dd2311f86e9b (diff) | |
download | hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.gz hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.tar.bz2 hardware_qcom_audio-3a48b350bd57248fc0646a6c69fc0afe09721ce4.zip |
Equalizer: Check value size for get preset name
Test: see CTS testAllEffectsEqualizer_CVE_2017_0401
Bug: 37536407
Change-Id: Ifa515dea10c9293022b7d0971d097f0bd727ac6c
(cherry picked from commit 8cf151a63177247a370ecdef6f2e1ec0b80901d5)
CVE-2017-0767
-rw-r--r-- | post_proc/equalizer.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c index 17993ee4..8d48b024 100644 --- a/post_proc/equalizer.c +++ b/post_proc/equalizer.c @@ -327,6 +327,13 @@ int equalizer_get_parameter(effect_context_t *context, effect_param_t *p, } break; } + + if (p->vsize < 1) { + p->status = -EINVAL; + android_errorWriteLog(0x534e4554, "37536407"); + break; + } + name = (char *)value; strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1); name[p->vsize - 1] = 0; |