From d8c80c2fb0e7b2ce6fdb754751a4c47ca146dab7 Mon Sep 17 00:00:00 2001
From: rago <rago@google.com>
Date: Mon, 22 Aug 2016 17:59:38 -0700
Subject: Fix potential overflow in Visualizer effect

Bug: 30229821
Change-Id: Iea1c4a21735e893aeded95b980044ec0861a7ea8
(cherry picked from commit 2fa52194ef64843c2908c69527384c6c2fcdbafa)
(cherry picked from commit 57ac66340ad488a17fc285b6fc2635cb7375d72b)
(cherry picked from commit 9cb9810ecb63c8ff55ecf4bc77431dc5b0688b5f)
---
 visualizer/offload_visualizer.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'visualizer/offload_visualizer.c')

diff --git a/visualizer/offload_visualizer.c b/visualizer/offload_visualizer.c
index f49c4345..ef2835ad 100644
--- a/visualizer/offload_visualizer.c
+++ b/visualizer/offload_visualizer.c
@@ -896,6 +896,14 @@ int visualizer_command(effect_context_t * context, uint32_t cmdCode, uint32_t cm
         break;
 
     case VISUALIZER_CMD_MEASURE: {
+        if (pReplyData == NULL || replySize == NULL ||
+                *replySize < (sizeof(int32_t) * MEASUREMENT_COUNT)) {
+            ALOGV("%s VISUALIZER_CMD_MEASURE error *replySize %d <"
+                    "(sizeof(int32_t) * MEASUREMENT_COUNT) %d",
+                    __func__, *replySize, sizeof(int32_t) * MEASUREMENT_COUNT);
+            android_errorWriteLog(0x534e4554, "30229821");
+            return -EINVAL;
+        }
         uint16_t peak_u16 = 0;
         float sum_rms_squared = 0.0f;
         uint8_t nb_valid_meas = 0;
-- 
cgit v1.2.3