Merge cherrypicks of [2315914, 2315916, 2315837, 2315963, 2315918, 2315814, 2315983, 2315964, 2316107, 2316086, 2316109, 2315977, 2316145, 2316016, 2316110, 2316221, 2316088, 2316210, 2316242, 2316222, 2316075, 2316076, 2316077, 2316089, 2316243, 2316183, 2316078, 2316112, 2316211, 2316149, 2316113, 2316212, 2316151, 2316215, 2316131, 2316115, 2316245, 2316216, 2316116, 2316217, 2316279, 2316186, 2316187, 2316246, 2316247, 2316249, 2316218, 2316092, 2316094, 2316323, 2316360, 2316379] into nyc-mr1-security-a-release

Change-Id: I530a48d2d230ae3463cb08c0ebbd61b64206fd71
diff --git a/arm-wt-22k/lib_src/eas_mdls.c b/arm-wt-22k/lib_src/eas_mdls.c
index 296d783..8097ba4 100644
--- a/arm-wt-22k/lib_src/eas_mdls.c
+++ b/arm-wt-22k/lib_src/eas_mdls.c
@@ -785,6 +785,11 @@
     if ((result = EAS_HWGetDWord(pDLSData->hwInstData, pDLSData->fileHandle, pSize, EAS_FALSE)) != EAS_SUCCESS)
         return result;
 
+    if (*pSize < 0) {
+        ALOGE("b/37093318");
+        return EAS_ERROR_FILE_FORMAT;
+    }
+
     /* get form type for RIFF and LIST types */
     if ((*pChunkType == CHUNK_RIFF) || (*pChunkType == CHUNK_LIST))
     {
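Review bot: The added guard on `*pSize` rejects only negative values, so a chunk size that is positive but larger than the data remaining in the file still passes here; whether later offset arithmetic bounds it cannot be seen from this hunk, and the enclosing function starts and ends outside it. If the end of the parent chunk is known at this point, an upper-bound check would reject the same class of malformed file before the size is used. The log line carries only a bug id; `ALOGE("b/37093318: negative chunk size");` would match the descriptive message used in eas_xmf.c and make the event easier to find during triage. This diff adds `#include <log/log.h>` to eas_xmf.c but not to eas_mdls.c, so confirm that eas_mdls.c already pulls in the header that declares `ALOGE`.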
diff --git a/arm-wt-22k/lib_src/eas_xmf.c b/arm-wt-22k/lib_src/eas_xmf.c
index 830b6e5..169eb7e 100644
--- a/arm-wt-22k/lib_src/eas_xmf.c
+++ b/arm-wt-22k/lib_src/eas_xmf.c
@@ -27,6 +27,8 @@
  *----------------------------------------------------------------------------
 */
 
+#include <log/log.h>
+
 #include "eas_data.h"
 #include "eas_miditypes.h"
 #include "eas_parser.h"
@@ -649,6 +651,11 @@
         for ( ; numItems > 0; numItems--)
         {
             /* process this item */
+            if (offset <= nodeOffset) {
+                ALOGE("b/36725407: parser did not advance");
+                return EAS_ERROR_FILE_FORMAT;
+            }
+
             if ((result = XMF_ReadNode(hwInstData, pXMFData, offset, &length)) != EAS_SUCCESS)
                 return result;