Merge "agm: ipc: HWBinders: agm_server_wrapper: Add checks for integer overflow"
diff --git a/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp b/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp
index 62480d4..b8dd8c7 100644
--- a/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp
+++ b/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp
@@ -79,6 +79,9 @@
#ifndef __SIGRTMIN
#define __SIGRTMIN 32
#endif
+
+#define MAX_KVPAIR 48
+
static const constexpr int DEBUGGER_SIGNAL = (__SIGRTMIN + 3);
using AgmCallbackData = ::vendor::qti::hardware::AGMIPC::V1_0::implementation::clbk_data;
@@ -745,13 +748,18 @@
struct agm_cal_config *cal_config_local = NULL;
int32_t ret = 0;
+ if (cal_config.data()->num_ckvs > MAX_KVPAIR ) {
+ ALOGE("Num KVs %d more than expected: %d", cal_config.data()->num_ckvs, MAX_KVPAIR);
+ return -ENOMEM;
+ }
+
cal_config_local =
- (struct agm_cal_config*) calloc(1, sizeof(struct agm_cal_config) +
- cal_config.data()->num_ckvs * sizeof(struct agm_key_value));
+ (struct agm_cal_config*) calloc(1, sizeof(struct agm_cal_config) +
+ cal_config.data()->num_ckvs * sizeof(struct agm_key_value));
if (cal_config_local == NULL) {
- ALOGE("%s: Cannot allocate memory for cal_config_local\n", __func__);
- return -ENOMEM;
+ ALOGE("%s: Cannot allocate memory for cal_config_local\n", __func__);
+ return -ENOMEM;
}
cal_config_local->num_ckvs = cal_config.data()->num_ckvs;
for (int i=0 ; i < cal_config.data()->num_ckvs ; i++ ) {
@@ -786,6 +794,11 @@
const hidl_vec<AgmTagConfig>& tag_config) {
ALOGV("%s : session_id = %d, aif_id = %d\n", __func__, session_id, aif_id);
struct agm_tag_config *tag_config_local;
+
+ if (tag_config.data()->num_tkvs > MAX_KVPAIR) {
+ ALOGE("Num KVs %d more than expected: %d", tag_config.data()->num_tkvs, MAX_KVPAIR);
+ return -ENOMEM;
+ }
size_t size_local = (sizeof(struct agm_tag_config) +
(tag_config.data()->num_tkvs) * sizeof(agm_key_value));
int32_t ret = 0;