DO NOT MERGE - audio effects: fix heap overflow (29b83cbb) · Commits · e / os / android_frameworks_av

media/libeffects/downmix/EffectDownmix.c

+9 −9

Original line number	Diff line number	Diff line
		@@ -160,8 +160,8 @@ void Downmix_testIndexComputation(uint32_t mask) {
		/--- Effect Library Interface Implementation ---/

		int32_t DownmixLib_Create(const effect_uuid_t *uuid,
		int32_t sessionId,
		int32_t ioId,
		int32_t sessionId __unused,
		int32_t ioId __unused,
		effect_handle_t *pHandle) {
		int ret;
		int i;
		@@ -384,7 +384,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS

		switch (cmdCode) {
		case EFFECT_CMD_INIT:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		(int ) pReplyData = Downmix_Init(pDwmModule);
		@@ -392,7 +392,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS

		case EFFECT_CMD_SET_CONFIG:
		if (pCmdData == NULL \|\| cmdSize != sizeof(effect_config_t)
		\|\| pReplyData == NULL \|\| *replySize != sizeof(int)) {
		\|\| pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		(int ) pReplyData = Downmix_Configure(pDwmModule,
		@@ -407,7 +407,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS
		ALOGV("Downmix_Command EFFECT_CMD_GET_PARAM pCmdData %p, *replySize %d, pReplyData: %p",
		pCmdData, *replySize, pReplyData);
		if (pCmdData == NULL \|\| cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		replySize < (int) sizeof(effect_param_t) + 2 sizeof(int32_t)) {
		return -EINVAL;
		}
		@@ -424,7 +424,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS
		ALOGV("Downmix_Command EFFECT_CMD_SET_PARAM cmdSize %d pCmdData %p, *replySize %d, " \
		"pReplyData %p", cmdSize, pCmdData, *replySize, pReplyData);
		if (pCmdData == NULL \|\| (cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)))
		\|\| pReplyData == NULL \|\| *replySize != (int)sizeof(int32_t)) {
		\|\| pReplyData == NULL \|\| replySize == NULL \|\| *replySize != (int)sizeof(int32_t)) {
		return -EINVAL;
		}
		effect_param_t cmd = (effect_param_t ) pCmdData;
		@@ -443,7 +443,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS
		break;

		case EFFECT_CMD_ENABLE:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		if (pDownmixer->state != DOWNMIX_STATE_INITIALIZED) {
		@@ -455,7 +455,7 @@ static int Downmix_Command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdS
		break;

		case EFFECT_CMD_DISABLE:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		if (pDownmixer->state != DOWNMIX_STATE_ACTIVE) {
		@@ -670,7 +670,7 @@ int Downmix_Configure(downmix_module_t pDwmModule, effect_config_t pConfig, bo
		*----------------------------------------------------------------------------
		*/

		int Downmix_Reset(downmix_object_t *pDownmixer, bool init) {
		int Downmix_Reset(downmix_object_t *pDownmixer __unused, bool init __unused) {
		// nothing to do here
		return 0;
		}

media/libeffects/loudness/EffectLoudnessEnhancer.cpp

+6 −6

Original line number	Diff line number	Diff line
		@@ -189,8 +189,8 @@ int LE_init(LoudnessEnhancerContext *pContext)
		//

		int LELib_Create(const effect_uuid_t *uuid,
		int32_t sessionId,
		int32_t ioId,
		int32_t sessionId __unused,
		int32_t ioId __unused,
		effect_handle_t *pHandle) {
		ALOGV("LELib_Create()");
		int ret;
		@@ -327,7 +327,7 @@ int LE_command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdSize,
		break;
		case EFFECT_CMD_SET_CONFIG:
		if (pCmdData == NULL \|\| cmdSize != sizeof(effect_config_t)
		\|\| pReplyData == NULL \|\| *replySize != sizeof(int)) {
		\|\| pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		(int ) pReplyData = LE_setConfig(pContext,
		@@ -344,7 +344,7 @@ int LE_command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdSize,
		LE_reset(pContext);
		break;
		case EFFECT_CMD_ENABLE:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		return -EINVAL;
		}
		if (pContext->mState != LOUDNESS_ENHANCER_STATE_INITIALIZED) {
		@@ -368,7 +368,7 @@ int LE_command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdSize,
		case EFFECT_CMD_GET_PARAM: {
		if (pCmdData == NULL \|\|
		cmdSize != (int)(sizeof(effect_param_t) + sizeof(uint32_t)) \|\|
		pReplyData == NULL \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize < (int)(sizeof(effect_param_t) + sizeof(uint32_t) + sizeof(uint32_t))) {
		return -EINVAL;
		}
		@@ -394,7 +394,7 @@ int LE_command(effect_handle_t self, uint32_t cmdCode, uint32_t cmdSize,
		case EFFECT_CMD_SET_PARAM: {
		if (pCmdData == NULL \|\|
		cmdSize != (int)(sizeof(effect_param_t) + sizeof(uint32_t) + sizeof(uint32_t)) \|\|
		pReplyData == NULL \|\| *replySize != sizeof(int32_t)) {
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int32_t)) {
		return -EINVAL;
		}
		(int32_t )pReplyData = 0;

media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp

+42 −95

Original line number	Diff line number	Diff line
		@@ -2752,7 +2752,7 @@ int Effect_command(effect_handle_t self,

		switch (cmdCode){
		case EFFECT_CMD_INIT:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)){
		ALOGV("\tLVM_ERROR, EFFECT_CMD_INIT: ERROR for effect type %d",
		pContext->EffectType);
		return -EINVAL;
		@@ -2779,10 +2779,8 @@ int Effect_command(effect_handle_t self,

		case EFFECT_CMD_SET_CONFIG:
		//ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_SET_CONFIG start");
		if (pCmdData == NULL\|\|
		cmdSize != sizeof(effect_config_t)\|\|
		pReplyData == NULL\|\|
		*replySize != sizeof(int)){
		if (pCmdData == NULL \|\| cmdSize != sizeof(effect_config_t) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
		"EFFECT_CMD_SET_CONFIG: ERROR");
		return -EINVAL;
		@@ -2792,8 +2790,7 @@ int Effect_command(effect_handle_t self,
		break;

		case EFFECT_CMD_GET_CONFIG:
		if (pReplyData == NULL \|\|
		*replySize != sizeof(effect_config_t)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(effect_config_t)) {
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
		"EFFECT_CMD_GET_CONFIG: ERROR");
		return -EINVAL;
		@@ -2811,16 +2808,15 @@ int Effect_command(effect_handle_t self,
		case EFFECT_CMD_GET_PARAM:{
		//ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_GET_PARAM start");

		if(pContext->EffectType == LVM_BASS_BOOST){
		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		*replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
		ALOGV("\tLVM_ERROR : BassBoost_command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM: ERROR");
		effect_param_t p = (effect_param_t )pCmdData;

		if (pCmdData == NULL \|\| cmdSize < sizeof(effect_param_t) \|\|
		cmdSize < (sizeof(effect_param_t) + p->psize) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize < (sizeof(effect_param_t) + p->psize)) {
		ALOGV("\tLVM_ERROR : EFFECT_CMD_GET_PARAM: ERROR");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		@@ -2828,13 +2824,11 @@ int Effect_command(effect_handle_t self,

		int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);

		if(pContext->EffectType == LVM_BASS_BOOST){
		p->status = android::BassBoost_getParameter(pContext,
		p->data,
		(size_t *)&p->vsize,
		p->data + voffset);

		*replySize = sizeof(effect_param_t) + voffset + p->vsize;

		//ALOGV("\tBassBoost_command EFFECT_CMD_GET_PARAM "
		// "pCmdData %d, replySize %d, *pReplyData %d ",
		// (int32_t )((char *)pCmdData + sizeof(effect_param_t)),
		@@ -2843,29 +2837,11 @@ int Effect_command(effect_handle_t self,
		}

		if(pContext->EffectType == LVM_VIRTUALIZER){
		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		*replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
		ALOGV("\tLVM_ERROR : Virtualizer_command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM: ERROR");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		p = (effect_param_t *)pReplyData;

		int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);

		p->status = android::Virtualizer_getParameter(pContext,
		(void *)p->data,
		(size_t *)&p->vsize,
		p->data + voffset);

		*replySize = sizeof(effect_param_t) + voffset + p->vsize;

		//ALOGV("\tVirtualizer_command EFFECT_CMD_GET_PARAM "
		// "pCmdData %d, replySize %d, *pReplyData %d ",
		// (int32_t )((char *)pCmdData + sizeof(effect_param_t)),
		@@ -2875,29 +2851,11 @@ int Effect_command(effect_handle_t self,
		if(pContext->EffectType == LVM_EQUALIZER){
		//ALOGV("\tEqualizer_command cmdCode Case: "
		// "EFFECT_CMD_GET_PARAM start");
		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		*replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))) {
		ALOGV("\tLVM_ERROR : Equalizer_command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		p = (effect_param_t *)pReplyData;

		int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);

		p->status = android::Equalizer_getParameter(pContext,
		p->data,
		&p->vsize,
		p->data + voffset);

		*replySize = sizeof(effect_param_t) + voffset + p->vsize;

		//ALOGV("\tEqualizer_command EFFECT_CMD_GET_PARAM pCmdData %d, replySize %d, "
		// "*pReplyData %08x %08x",
		// (int32_t )((char )pCmdData + sizeof(effect_param_t)), replySize,
		@@ -2907,35 +2865,19 @@ int Effect_command(effect_handle_t self,
		}
		if(pContext->EffectType == LVM_VOLUME){
		//ALOGV("\tVolume_command cmdCode Case: EFFECT_CMD_GET_PARAM start");
		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		*replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
		ALOGV("\tLVM_ERROR : Volume_command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM: ERROR");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		p = (effect_param_t *)pReplyData;

		int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);

		p->status = android::Volume_getParameter(pContext,
		(void *)p->data,
		(size_t *)&p->vsize,
		p->data + voffset);

		*replySize = sizeof(effect_param_t) + voffset + p->vsize;

		//ALOGV("\tVolume_command EFFECT_CMD_GET_PARAM "
		// "pCmdData %d, replySize %d, *pReplyData %d ",
		// (int32_t )((char *)pCmdData + sizeof(effect_param_t)),
		// *replySize,
		// (int16_t )((char *)pReplyData + sizeof(effect_param_t) + voffset));
		}
		*replySize = sizeof(effect_param_t) + voffset + p->vsize;

		//ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_GET_PARAM end");
		} break;
		case EFFECT_CMD_SET_PARAM:{
		@@ -2947,9 +2889,8 @@ int Effect_command(effect_handle_t self,
		// (int16_t )((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));

		if (pCmdData == NULL \|\|
		cmdSize != (int)(sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t))\|\|
		pReplyData == NULL\|\|
		*replySize != sizeof(int32_t)){
		cmdSize != (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t)) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : BassBoost_command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		return -EINVAL;
		@@ -2980,9 +2921,10 @@ int Effect_command(effect_handle_t self,
		// (int16_t )((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));

		if (pCmdData == NULL \|\|
		cmdSize != (int)(sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t))\|\|
		pReplyData == NULL\|\|
		*replySize != sizeof(int32_t)){
		// legal parameters are int16_t or int32_t
		cmdSize > (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int32_t)) \|\|
		cmdSize < (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t)) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : Virtualizer_command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		return -EINVAL;
		@@ -3014,8 +2956,8 @@ int Effect_command(effect_handle_t self,
		// *replySize,
		// (int16_t )((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));

		if (pCmdData == NULL \|\| cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\| *replySize != sizeof(int32_t)) {
		if (pCmdData == NULL \|\| cmdSize < (sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : Equalizer_command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		return -EINVAL;
		@@ -3034,8 +2976,8 @@ int Effect_command(effect_handle_t self,
		// (int16_t )((char *)pCmdData + sizeof(effect_param_t) +sizeof(int32_t)));

		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t))\|\|
		pReplyData == NULL\|\|
		cmdSize < (sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize != sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : Volume_command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		@@ -3052,7 +2994,7 @@ int Effect_command(effect_handle_t self,

		case EFFECT_CMD_ENABLE:
		ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_ENABLE start");
		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_ENABLE: ERROR");
		return -EINVAL;
		}
		@@ -3062,7 +3004,7 @@ int Effect_command(effect_handle_t self,

		case EFFECT_CMD_DISABLE:
		//ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_DISABLE start");
		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_DISABLE: ERROR");
		return -EINVAL;
		}
		@@ -3072,6 +3014,11 @@ int Effect_command(effect_handle_t self,
		case EFFECT_CMD_SET_DEVICE:
		{
		ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_SET_DEVICE start");
		if (pCmdData == NULL){
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_SET_DEVICE: ERROR");
		return -EINVAL;
		}

		uint32_t device = (uint32_t )pCmdData;

		if (pContext->EffectType == LVM_BASS_BOOST) {
		@@ -3158,8 +3105,8 @@ int Effect_command(effect_handle_t self,
		break;
		}

		if (pCmdData == NULL \|\|
		cmdSize != 2 * sizeof(uint32_t)) {
		if (pCmdData == NULL \|\| cmdSize != 2 * sizeof(uint32_t) \|\| pReplyData == NULL \|\|
		replySize == NULL \|\| replySize < 2sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
		"EFFECT_CMD_SET_VOLUME: ERROR");
		return -EINVAL;

media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp

+14 −16

Original line number	Diff line number	Diff line
		@@ -188,8 +188,8 @@ int Reverb_LoadPreset (ReverbContext *pContext);
		/* Effect Library Interface Implementation */

		extern "C" int EffectCreate(const effect_uuid_t *uuid,
		int32_t sessionId,
		int32_t ioId,
		int32_t sessionId __unused,
		int32_t ioId __unused,
		effect_handle_t *pHandle){
		int ret;
		int i;
		@@ -1912,7 +1912,7 @@ int Reverb_command(effect_handle_t self,
		//ALOGV("\tReverb_command cmdCode Case: "
		// "EFFECT_CMD_INIT start");

		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)){
		ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
		"EFFECT_CMD_INIT: ERROR");
		return -EINVAL;
		@@ -1923,10 +1923,8 @@ int Reverb_command(effect_handle_t self,
		case EFFECT_CMD_SET_CONFIG:
		//ALOGV("\tReverb_command cmdCode Case: "
		// "EFFECT_CMD_SET_CONFIG start");
		if (pCmdData == NULL \|\|
		cmdSize != sizeof(effect_config_t) \|\|
		pReplyData == NULL \|\|
		*replySize != sizeof(int)) {
		if (pCmdData == NULL \|\| cmdSize != sizeof(effect_config_t) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)) {
		ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
		"EFFECT_CMD_SET_CONFIG: ERROR");
		return -EINVAL;
		@@ -1936,8 +1934,7 @@ int Reverb_command(effect_handle_t self,
		break;

		case EFFECT_CMD_GET_CONFIG:
		if (pReplyData == NULL \|\|
		*replySize != sizeof(effect_config_t)) {
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(effect_config_t)) {
		ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
		"EFFECT_CMD_GET_CONFIG: ERROR");
		return -EINVAL;
		@@ -1955,15 +1952,16 @@ int Reverb_command(effect_handle_t self,
		case EFFECT_CMD_GET_PARAM:{
		//ALOGV("\tReverb_command cmdCode Case: "
		// "EFFECT_CMD_GET_PARAM start");
		if (pCmdData == NULL \|\|
		cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) \|\|
		pReplyData == NULL \|\|
		*replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
		effect_param_t p = (effect_param_t )pCmdData;

		if (pCmdData == NULL \|\| cmdSize < sizeof(effect_param_t) \|\|
		cmdSize < (sizeof(effect_param_t) + p->psize) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize < (sizeof(effect_param_t) + p->psize)) {
		ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM: ERROR");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		@@ -1994,8 +1992,8 @@ int Reverb_command(effect_handle_t self,
		// *replySize,
		// (int16_t )((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));

		if (pCmdData == NULL \|\| (cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)))
		\|\| pReplyData == NULL \|\| *replySize != (int)sizeof(int32_t)) {
		if (pCmdData == NULL \|\| (cmdSize < (sizeof(effect_param_t) + sizeof(int32_t))) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int32_t)) {
		ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		return -EINVAL;

media/libeffects/preprocessing/PreProcessing.cpp

+19 −16

Original line number	Diff line number	Diff line
		@@ -575,16 +575,18 @@ int NsCreate(preproc_effect_t *effect)
		return 0;
		}

		int NsGetParameter(preproc_effect_t *effect,
		void *pParam,
		size_t *pValueSize,
		void *pValue)
		int NsGetParameter(preproc_effect_t *effect __unused,
		void *pParam __unused,
		uint32_t *pValueSize __unused,
		void *pValue __unused)
		{
		int status = 0;
		return status;
		}

		int NsSetParameter (preproc_effect_t effect, void pParam, void *pValue)
		int NsSetParameter (preproc_effect_t *effect __unused,
		void *pParam __unused,
		void *pValue __unused)
		{
		int status = 0;
		return status;
		@@ -1435,15 +1437,16 @@ int PreProcessingFx_Command(effect_handle_t self,
		break;

		case EFFECT_CMD_GET_PARAM: {
		if (pCmdData == NULL \|\|
		cmdSize < (int)sizeof(effect_param_t) \|\|
		pReplyData == NULL \|\|
		*replySize < (int)sizeof(effect_param_t)){
		effect_param_t p = (effect_param_t )pCmdData;

		if (pCmdData == NULL \|\| cmdSize < sizeof(effect_param_t) \|\|
		cmdSize < (sizeof(effect_param_t) + p->psize) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize < (sizeof(effect_param_t) + p->psize)){
		ALOGV("PreProcessingFx_Command cmdCode Case: "
		"EFFECT_CMD_GET_PARAM: ERROR");
		return -EINVAL;
		}
		effect_param_t p = (effect_param_t )pCmdData;

		memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);

		@@ -1461,8 +1464,8 @@ int PreProcessingFx_Command(effect_handle_t self,

		case EFFECT_CMD_SET_PARAM:{
		if (pCmdData == NULL\|\|
		cmdSize < (int)sizeof(effect_param_t) \|\|
		pReplyData == NULL \|\|
		cmdSize < sizeof(effect_param_t) \|\|
		pReplyData == NULL \|\| replySize == NULL \|\|
		*replySize != sizeof(int32_t)){
		ALOGV("PreProcessingFx_Command cmdCode Case: "
		"EFFECT_CMD_SET_PARAM: ERROR");
		@@ -1483,7 +1486,7 @@ int PreProcessingFx_Command(effect_handle_t self,
		} break;

		case EFFECT_CMD_ENABLE:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)){
		ALOGV("PreProcessingFx_Command cmdCode Case: EFFECT_CMD_ENABLE: ERROR");
		return -EINVAL;
		}
		@@ -1491,7 +1494,7 @@ int PreProcessingFx_Command(effect_handle_t self,
		break;

		case EFFECT_CMD_DISABLE:
		if (pReplyData == NULL \|\| *replySize != sizeof(int)){
		if (pReplyData == NULL \|\| replySize == NULL \|\| *replySize != sizeof(int)){
		ALOGV("PreProcessingFx_Command cmdCode Case: EFFECT_CMD_DISABLE: ERROR");
		return -EINVAL;
		}
		@@ -1711,7 +1714,7 @@ int PreProcessingFx_GetDescriptor(effect_handle_t self,

		int PreProcessingFx_ProcessReverse(effect_handle_t self,
		audio_buffer_t *inBuffer,
		audio_buffer_t *outBuffer)
		audio_buffer_t *outBuffer __unused)
		{
		preproc_effect_t * effect = (preproc_effect_t *)self;
		int status = 0;