diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2018-06-04 21:56:08 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-06-04 21:56:08 +0000 |
| commit | 7f3cf0bbce8abeea198553737ef68bccd7281244 (patch) | |
| tree | 330602c62544ba2a780117efe94fed0f92960407 | |
| parent | bd639dc3e4a5cea0ae27bb61725241273c79a478 (diff) | |
| parent | 75cda79163bb62141fbc9733eddef3379fd67f87 (diff) | |
| download | sonivox-oreo-m2-s4-release.tar.gz | |
Merge cherrypicks of [4254030, 4254031, 4254032, 4254033, 4254082, 4254083, 4254084, 4254085, 4254601, 4254602, 4254086, 4254087, 4254088, 4254089, 4254090, 4254091, 4254092, 4254093, 4254621, 4254209, 4254105, 4254106, 4254107, 4254108, 4254109, 4254110, 4254111, 4254134, 4254135, 4254136, 4254137, 4254138, 4254139, 4254140, 4254661, 4254662, 4254663, 4254664, 4254094, 4254034, 4254035, 4254036, 4254681, 4253166, 4253167, 4254644, 4254210, 4254095, 4254701, 4254702, 4254112, 4254113, 4254114, 4254115, 4254116, 4254117, 4254118, 4254119, 4254120, 4254721, 4254722, 4254723, 4254724, 4254725, 4253345, 4253168, 4254573, 4253169, 4254211, 4254096, 4253346, 4253347, 4254212, 4254574, 4254575, 4254576, 4254577, 4254578] into sparse-4732990-L64400000179192834android-8.1.0_r35oreo-m2-s4-release
Change-Id: I9a9e5cf39d8d5e7d6fc33b55cdedf18e59a634e5
| -rw-r--r-- | arm-wt-22k/lib_src/eas_smf.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/arm-wt-22k/lib_src/eas_smf.c b/arm-wt-22k/lib_src/eas_smf.c index 8b54b8e..3c284eb 100644 --- a/arm-wt-22k/lib_src/eas_smf.c +++ b/arm-wt-22k/lib_src/eas_smf.c @@ -29,6 +29,8 @@ *---------------------------------------------------------------------------- */ +#include "log/log.h" + #include "eas_data.h" #include "eas_miditypes.h" #include "eas_parser.h" @@ -833,6 +835,20 @@ static EAS_RESULT SMF_ParseMetaEvent (S_EAS_DATA *pEASData, S_SMF_DATA *pSMFData /* get the current file position so we can skip the event */ if ((result = EAS_HWFilePos(pEASData->hwInstData, pSMFStream->fileHandle, &pos)) != EAS_SUCCESS) return result; + + /* prevent a large unsigned length from being treated as a negative length */ + if ((EAS_I32) len < 0) { + /* note that EAS_I32 is a long, which can be 64-bits on some computers */ + ALOGE("b/68953854 SMF_ParseMetaEvent, negative len = %ld\n", (EAS_I32) len); + return EAS_ERROR_FILE_FORMAT; + } + /* prevent numeric overflow caused by a very large len, assume pos > 0 */ + const EAS_I32 EAS_I32_MAX = 0x7FFFFFFF; + if ((EAS_I32) len > (EAS_I32_MAX - pos)) { + ALOGE("b/68953854 SMF_ParseMetaEvent, too large len = %ld\n", (EAS_I32) len); + return EAS_ERROR_FILE_FORMAT; + } + pos += (EAS_I32) len; /* end of track? */ |