commit | 37db81308114484d0a5a038b23a5b57eb6272ec4 | [log] [tgz] |
---|---|---|
author | rago <rago@google.com> | Tue Nov 15 13:00:50 2016 -0800 |
committer | Jeron Susan <jeron.susan@hi-p.com> | Tue Dec 13 11:10:28 2016 +0800 |
tree | afd6f4c70a5bf08d8fdf0c4863e61856a8a411af | |
parent | 81b6de5a090fca8757fd367a35418de26deff579 [diff] |
FPII-2680 : Fix security vulnerability: Effect command might allow negative indexes CVE-2017-0385 A-32585400 Within equalizer.c, when equalizer_set_parameter() is supplied a crafted effect_param_t data structure, it could be used to cause an out-of-bounds write. The fix is designed to add a parameter size check. Test: Use POC bug or cts security test Change-Id: I5ef8c756369d488ad5903c163584f24de63d73e3 (cherry picked from commit 500a9feaf816c719241de83f2ee65c8e2d7ff269)