Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25ed3e82 authored by mike dooley's avatar mike dooley
Browse files

Fixing memory corruption bug in sound trigger V2_2 

The PhraseSoundModel was being cast to the V2_1 version instead
of V2_0, resulting in memory corruption.

Test: manual test using the SoundTriggerTestApp
Bug: 121265082
Change-Id: If30acd06dd5e2abfdb831287a6f76760e70b20fb
parent 1bf027f7

soundtrigger/2.2/default/SoundTriggerHw.cpp

+2 −2
Original line number Diff line number Diff line
@@ -380,8 +380,8 @@ struct sound_trigger_sound_model* SoundTriggerHw::convertSoundModelToHal( 
                            "malloc failed for size %zu in convertSoundModelToHal PHRASE",

                            allocSize);



        const ISoundTriggerHw::PhraseSoundModel* keyPhraseModel =

            reinterpret_cast<const ISoundTriggerHw::PhraseSoundModel*>(soundModel);

        const V2_0::ISoundTriggerHw::PhraseSoundModel* keyPhraseModel =

            reinterpret_cast<const V2_0::ISoundTriggerHw::PhraseSoundModel*>(soundModel);



        size_t i;

        for (i = 0; i < keyPhraseModel->phrases.size() && i < SOUND_TRIGGER_MAX_PHRASES; i++) {