Camera: Fix possible ExifUtils heap corruption Both EXIF_TAG_IMAGE_WIDTH and EXIF_TAG_IMAGE_LENGTH expect short values as per EXIF spec. Call appropriate libexif function to avoid possible heap corruption. Bug: 148223871 Test: run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc20_02#testPocBug_148223871 Change-Id: I57a774454b52c16d7da9f90d7e3a3407294606a5 (cherry picked from commit 649a27ad16faeb7a6bf87a50a33d19d461ece27c)

commit: 624a0ba71eac1e7c1bd3db3bd8e3d4d43d571597 [log] [tgz]
author: Emilian Peev <epeev@google.com> Tue Feb 18 13:38:04 2020 -0800
committer: Anis Assi <anisassi@google.com> Thu Mar 12 13:40:48 2020 -0700
tree: 5a9cbfd86c12d2705f1faed52fa7ea7d0ef6fa22
parent: 0c0c2ae3e2bce862a891c6457d059fc5c7943832 [diff]
diff --git a/services/camera/libcameraservice/utils/ExifUtils.cpp b/services/camera/libcameraservice/utils/ExifUtils.cpp
index c0afdc1..8a0303a 100644
--- a/services/camera/libcameraservice/utils/ExifUtils.cpp
+++ b/services/camera/libcameraservice/utils/ExifUtils.cpp

@@ -603,13 +603,13 @@
 }
 
 bool ExifUtilsImpl::setImageHeight(uint32_t length) {
-    SET_LONG(EXIF_IFD_0, EXIF_TAG_IMAGE_LENGTH, length);
+    SET_SHORT(EXIF_IFD_0, EXIF_TAG_IMAGE_LENGTH, length);
     SET_LONG(EXIF_IFD_EXIF, EXIF_TAG_PIXEL_Y_DIMENSION, length);
     return true;
 }
 
 bool ExifUtilsImpl::setImageWidth(uint32_t width) {
-    SET_LONG(EXIF_IFD_0, EXIF_TAG_IMAGE_WIDTH, width);
+    SET_SHORT(EXIF_IFD_0, EXIF_TAG_IMAGE_WIDTH, width);
     SET_LONG(EXIF_IFD_EXIF, EXIF_TAG_PIXEL_X_DIMENSION, width);
     return true;
 }
commit	624a0ba71eac1e7c1bd3db3bd8e3d4d43d571597	[log] [tgz]
author	Emilian Peev <epeev@google.com>	Tue Feb 18 13:38:04 2020 -0800
committer	Anis Assi <anisassi@google.com>	Thu Mar 12 13:40:48 2020 -0700
tree	5a9cbfd86c12d2705f1faed52fa7ea7d0ef6fa22
parent	0c0c2ae3e2bce862a891c6457d059fc5c7943832 [diff]