From 3f9a6d3bd97966999fa35b9423b8c0042c8198b3 Mon Sep 17 00:00:00 2001 From: rago Date: Tue, 29 Nov 2016 10:29:39 -0800 Subject: [PATCH] Fix security vulnerability: potential OOB write in audioserver Bug: 32705438 Bug: 32703959 Test: cts security test Change-Id: I920a74cb0a809c623ddf802f3d2808f0f1bd537c --- include/hardware/audio_effect.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/hardware/audio_effect.h b/include/hardware/audio_effect.h index b49d02d6..af5f0e75 100644 --- a/include/hardware/audio_effect.h +++ b/include/hardware/audio_effect.h @@ -895,6 +895,9 @@ typedef struct effect_param_s { char data[]; // Start of Parameter + Value data } effect_param_t; +// Maximum effect_param_t size +#define EFFECT_PARAM_SIZE_MAX 65536 + // structure used by EFFECT_CMD_OFFLOAD command typedef struct effect_offload_param_s { bool isOffload; // true if the playback thread the effect is attached to is offloaded