Merge "FPII-2680 : Fix security vulnerability: Effect command might allow negative indexes CVE-2017-0385 A-32585400" into fp/fp2_5.1_int
diff --git a/post_proc/equalizer.c b/post_proc/equalizer.c
index 2ae840a..a07aba4 100755
--- a/post_proc/equalizer.c
+++ b/post_proc/equalizer.c
@@ -320,9 +320,14 @@
case EQ_PARAM_GET_PRESET_NAME:
param2 = *param_tmp;
ALOGV("%s: EQ_PARAM_GET_PRESET_NAME: param2: %d", __func__, param2);
- if (param2 >= equalizer_get_num_presets(eq_ctxt)) {
- p->status = -EINVAL;
- break;
+ if ((param2 < 0 && param2 != PRESET_CUSTOM) ||
+ param2 >= equalizer_get_num_presets(eq_ctxt)) {
+ p->status = -EINVAL;
+ if (param2 < 0) {
+ android_errorWriteLog(0x534e4554, "32588016");
+ ALOGW("\tERROR EQ_PARAM_GET_PRESET_NAME preset %d", param2);
+ }
+ break;
}
name = (char *)value;
strlcpy(name, equalizer_get_preset_name(eq_ctxt, param2), p->vsize - 1);
@@ -377,8 +382,12 @@
case EQ_PARAM_BAND_LEVEL:
band = *param_tmp;
level = (int32_t)(*(int16_t *)value);
- if (band >= NUM_EQ_BANDS) {
- p->status = -EINVAL;
+ if (band < 0 || band >= NUM_EQ_BANDS) {
+ p->status = -EINVAL;
+ if (band < 0) {
+ android_errorWriteLog(0x534e4554, "32585400");
+ ALOGW("\tERROR EQ_PARAM_BAND_LEVEL band %d", band);
+ }
break;
}
equalizer_set_band_level(eq_ctxt, band, level);