Merge "ipc: HwBinders: Fix potential out of bound access"

commit: 78e7d62af3b403a6cedbf7aeb741f6e37cc8722a [log] [tgz]
author: qctecmdr <qctecmdr@localhost> Mon Sep 11 08:08:20 2023 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> Mon Sep 11 08:08:20 2023 -0700
tree: 2c794dc9945e235c470fa6319e8c1e02944076cd
parent: fc8c2a396149525f7551a5b1e1e35bca93c4c607 [diff]
parent: 39cb5945067211cf72ac760f93d999196b0b82e6 [diff]
diff --git a/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp b/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp
index 4bd504e..aa640c4 100644
--- a/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp
+++ b/ipc/HwBinders/agm_ipc_service/src/agm_server_wrapper.cpp

@@ -906,6 +906,18 @@
     ALOGV("%s : session_id = %d\n", __func__, session_id);
     struct agm_event_reg_cfg *evt_reg_cfg_local;
     int32_t ret = 0;
+
+    if (evt_reg_cfg.size() != 1) {
+        ALOGE("%s evt_reg_cfg needs to be of size 1\n", __func__);
+        return -EINVAL;
+    }
+
+    if (evt_reg_cfg.data()->event_config_payload.size() !=
+        evt_reg_cfg.data()->event_config_payload_size) {
+        ALOGE("%s: event_config_payload_size value mismatch\n", __func__);
+        return -EINVAL;
+    }
+
     evt_reg_cfg_local = (struct agm_event_reg_cfg*)
               calloc(1,(sizeof(struct agm_event_reg_cfg) +
               (evt_reg_cfg.data()->event_config_payload_size)*sizeof(uint8_t)));
commit	78e7d62af3b403a6cedbf7aeb741f6e37cc8722a	[log] [tgz]
author	qctecmdr <qctecmdr@localhost>	Mon Sep 11 08:08:20 2023 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Mon Sep 11 08:08:20 2023 -0700
tree	2c794dc9945e235c470fa6319e8c1e02944076cd
parent	fc8c2a396149525f7551a5b1e1e35bca93c4c607 [diff]
parent	39cb5945067211cf72ac760f93d999196b0b82e6 [diff]