Fix security vulnerability: Effect command might allow negative indexes am: 01183402d7 am: 94e3424b74 am: 9bf3487e7a am: d4881f8406 am: f31abe2c96 am: 0905c40edc am: 7b4d79044d am: a6323b04de am: d8383694f9 am: e92a0c60d8 am: 3712921ae9 am: df9b8955cb am: 3939df6105 am: af55335d2d am: 549f6da1f6
am: 9dc4111c17
Change-Id: I0a10b78775b4ae5ab3c0452b4befa052f26f7631
diff --git a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
index 2dfdfde..243e302 100644
--- a/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
+++ b/media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
@@ -2411,9 +2411,13 @@
case EQ_PARAM_GET_PRESET_NAME:
param2 = *pParamTemp;
- if (param2 >= EqualizerGetNumPresets()) {
- //if (param2 >= 20) { // AGO FIX
+ if ((param2 < 0 && param2 != PRESET_CUSTOM) || param2 >= EqualizerGetNumPresets()) {
status = -EINVAL;
+ if (param2 < 0) {
+ android_errorWriteLog(0x534e4554, "32448258");
+ ALOGE("\tERROR Equalizer_getParameter() EQ_PARAM_GET_PRESET_NAME preset %d",
+ param2);
+ }
break;
}
name = (char *)pValue;
@@ -2483,8 +2487,12 @@
band = *pParamTemp;
level = (int32_t)(*(int16_t *)pValue);
//ALOGV("\tEqualizer_setParameter() EQ_PARAM_BAND_LEVEL band %d, level %d", band, level);
- if (band >= FIVEBAND_NUMBANDS) {
+ if (band < 0 || band >= FIVEBAND_NUMBANDS) {
status = -EINVAL;
+ if (band < 0) {
+ android_errorWriteLog(0x534e4554, "32095626");
+ ALOGE("\tERROR Equalizer_setParameter() EQ_PARAM_BAND_LEVEL band %d", band);
+ }
break;
}
EqualizerSetBandLevel(pContext, band, level);