Fix security vulnerability: Effect command might allow negative indexes am:... (af55335d) · Commits · e / os / android_frameworks_av

media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp

+11 −3

Original line number	Diff line number	Diff line
		@@ -2419,9 +2419,13 @@ int Equalizer_getParameter(EffectContext *pContext,

		case EQ_PARAM_GET_PRESET_NAME:
		param2 = *pParamTemp;
		if (param2 >= EqualizerGetNumPresets()) {
		//if (param2 >= 20) { // AGO FIX
		if ((param2 < 0 && param2 != PRESET_CUSTOM) \|\| param2 >= EqualizerGetNumPresets()) {
		status = -EINVAL;
		if (param2 < 0) {
		android_errorWriteLog(0x534e4554, "32448258");
		ALOGE("\tERROR Equalizer_getParameter() EQ_PARAM_GET_PRESET_NAME preset %d",
		param2);
		}
		break;
		}
		name = (char *)pValue;
		@@ -2491,8 +2495,12 @@ int Equalizer_setParameter (EffectContext pContext, void pParam, void *pValue)
		band = *pParamTemp;
		level = (int32_t)((int16_t )pValue);
		//ALOGV("\tEqualizer_setParameter() EQ_PARAM_BAND_LEVEL band %d, level %d", band, level);
		if (band >= FIVEBAND_NUMBANDS) {
		if (band < 0 \|\| band >= FIVEBAND_NUMBANDS) {
		status = -EINVAL;
		if (band < 0) {
		android_errorWriteLog(0x534e4554, "32095626");
		ALOGE("\tERROR Equalizer_setParameter() EQ_PARAM_BAND_LEVEL band %d", band);
		}
		break;
		}
		EqualizerSetBandLevel(pContext, band, level);