Merge the android-9.0.0_r60 release tag
Android 9.0.0 release 60
* tag 'android-9.0.0_r60':
Check data consistency in mdls parsing
Change-Id: Iaf7b0b53b0e8a737816cd57230054418aa94f1a6
diff --git a/arm-wt-22k/host_src/eas_types.h b/arm-wt-22k/host_src/eas_types.h
index df1d1d8..56d0b53 100644
--- a/arm-wt-22k/host_src/eas_types.h
+++ b/arm-wt-22k/host_src/eas_types.h
@@ -76,6 +76,7 @@
#define EAS_ERROR_QUEUE_IS_FULL -36
#define EAS_ERROR_QUEUE_IS_EMPTY -37
#define EAS_ERROR_FEATURE_ALREADY_ACTIVE -38
+#define EAS_ERROR_DATA_INCONSISTENCY -39
/* special return codes */
#define EAS_EOF 3
diff --git a/arm-wt-22k/lib_src/eas_mdls.c b/arm-wt-22k/lib_src/eas_mdls.c
index 0c1c9f6..bfe54d3 100644
--- a/arm-wt-22k/lib_src/eas_mdls.c
+++ b/arm-wt-22k/lib_src/eas_mdls.c
@@ -850,6 +850,15 @@
if ((result = EAS_HWGetDWord(pDLSData->hwInstData, pDLSData->fileHandle, &pDLSData->waveCount, EAS_FALSE)) != EAS_SUCCESS)
return result;
+ /* if second pass, ensure waveCount matches with the value parsed in first pass */
+ if (pDLSData->pDLS)
+ {
+ if (pDLSData->waveCount != pDLSData->pDLS->numDLSSamples)
+ {
+ return EAS_ERROR_DATA_INCONSISTENCY;
+ }
+ }
+
#if 0
/* just need the wave count on the first pass */
if (!pDLSData->pDLS)
@@ -1361,6 +1370,15 @@
if (temp != CHUNK_INS)
continue;
+ /* if second pass, ensure instCount is less than numDLSPrograms */
+ if (pDLSData->pDLS)
+ {
+ if (pDLSData->instCount >= pDLSData->pDLS->numDLSPrograms)
+ {
+ return EAS_ERROR_DATA_INCONSISTENCY;
+ }
+ }
+
if ((result = Parse_ins(pDLSData, chunkPos + 12, size)) != EAS_SUCCESS)
return result;
}
@@ -1596,6 +1614,14 @@
{ /* dpp: EAS_ReportEx(_EAS_SEVERITY_WARNING, "DLS region count exceeded cRegions value in insh, extra region ignored\n"); */ }
return EAS_SUCCESS;
}
+ /* if second pass, ensure regionCount is less than numDLSRegions */
+ if (pDLSData->pDLS)
+ {
+ if (pDLSData->regionCount >= pDLSData->pDLS->numDLSRegions)
+ {
+ return EAS_ERROR_DATA_INCONSISTENCY;
+ }
+ }
if ((result = Parse_rgn(pDLSData, chunkPos + 12, size, artIndex)) != EAS_SUCCESS)
return result;
regionCount++;
@@ -1743,6 +1769,12 @@
/* if local data was found convert it */
if (art.values[PARAM_MODIFIED] == EAS_TRUE)
{
+ /* ensure artCount is less than numDLSArticulations */
+ if (pDLSData->artCount >= pDLSData->pDLS->numDLSArticulations)
+ {
+ return EAS_ERROR_DATA_INCONSISTENCY;
+ }
+
Convert_art(pDLSData, &art, (EAS_U16) pDLSData->artCount);
artIndex = (EAS_U16) pDLSData->artCount;
}