pal : add check in ipc_pal_stream_set_volume to avoid OOB Add below checks in ipc_pal_stream_set_volume to avoid OOB, 1. check noOfVolPairs is not more than size of volPair vector 2. check that vol vector size is exactly one Change-Id: Ic47431f7573b58e229ddb01d03f40fd2fbef634d

commit: 69fa87f86f37ba97987f79a085507810e9580da2 [log] [tgz]
author: Srinivas Marka <quic_smarka@quicinc.com> Tue Aug 01 16:25:24 2023 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> Wed Aug 09 00:25:22 2023 -0700
tree: 0403456862657a41665797015e93deabc3328a44
parent: 7b3c0edfd2ef28500d449e7a45c7337080e40c63 [diff]
diff --git a/ipc/HwBinders/pal_ipc_server/src/pal_server_wrapper.cpp b/ipc/HwBinders/pal_ipc_server/src/pal_server_wrapper.cpp
index 1896d31..31dddf4 100644
--- a/ipc/HwBinders/pal_ipc_server/src/pal_server_wrapper.cpp
+++ b/ipc/HwBinders/pal_ipc_server/src/pal_server_wrapper.cpp

@@ -915,6 +915,14 @@
     struct pal_volume_data *volume = nullptr;
     uint32_t noOfVolPairs = vol.data()->noOfVolPairs;
     int32_t ret = -ENOMEM;
+    if (1 != vol.size()) {
+        ALOGE("Invalid vol pairs");
+        return -EINVAL;
+    }
+    if (noOfVolPairs > vol.data()->volPair.size()) {
+        ALOGE("Invalid vol vector size");
+        return -EINVAL;
+    }
     volume = (struct pal_volume_data *) calloc(1,
                                         sizeof(struct pal_volume_data) +
                                         noOfVolPairs * sizeof(pal_channel_vol_kv));
commit	69fa87f86f37ba97987f79a085507810e9580da2	[log] [tgz]
author	Srinivas Marka <quic_smarka@quicinc.com>	Tue Aug 01 16:25:24 2023 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Wed Aug 09 00:25:22 2023 -0700
tree	0403456862657a41665797015e93deabc3328a44
parent	7b3c0edfd2ef28500d449e7a45c7337080e40c63 [diff]