Merge tag 'android-security-11.0.0_r49' into int/11/fp3
Android security 11.0.0 release 49
* tag 'android-security-11.0.0_r49':
sonivox: Fix global buffer overflow in WT_InterpolateNoLoop
Change-Id: I36605ee8227b17c152aeda64759481c5edeceb1c
diff --git a/arm-wt-22k/lib_src/eas_mdls.c b/arm-wt-22k/lib_src/eas_mdls.c
index 876ce9b..fac6987 100644
--- a/arm-wt-22k/lib_src/eas_mdls.c
+++ b/arm-wt-22k/lib_src/eas_mdls.c
@@ -1372,6 +1372,10 @@
{
return EAS_SUCCESS;
}
+ if (sampleLen < sizeof(EAS_SAMPLE)
+ || (pWsmp->loopStart + pWsmp->loopLength) * sizeof(EAS_SAMPLE) > sampleLen - sizeof(EAS_SAMPLE)) {
+ return EAS_FAILURE;
+ }
pSample[(pWsmp->loopStart + pWsmp->loopLength)>>1] = pSample[(pWsmp->loopStart)>>1];
}
diff --git a/arm-wt-22k/lib_src/eas_public.c b/arm-wt-22k/lib_src/eas_public.c
index b3161f0..776c1ca 100644
--- a/arm-wt-22k/lib_src/eas_public.c
+++ b/arm-wt-22k/lib_src/eas_public.c
@@ -996,7 +996,6 @@
EAS_BOOL done;
EAS_INT yieldCount = YIELD_EVENT_COUNT;
EAS_U32 time = 0;
-
// This constant is the maximum number of events that can be processed in a single time slice.
// A typical ringtone will contain a few events per time slice.
// Extremely dense ringtones might go up to 50 events.