Effects: Check get parameter command size Test: Custom test. Bug: 32438594 Bug: 32624850 Bug: 32635664 Change-Id: I9b1315e2c02f11bea395bfdcf5c1ccddccbad8a6 (cherry picked from commit 3d34cc76e315dfa8c3b1edf78835b0dab4980505)

commit: dd5c245a90750ee2df68cd88d23172b540e0e3be [log] [tgz]
author: Andy Hung <hunga@google.com> Fri Nov 04 19:40:53 2016 -0700
committer: gitbuildkicker <android-build@google.com> Tue Dec 06 16:30:44 2016 -0800
tree: 3ac2228bba49d4501e385d5f1f7d203f4f629563
parent: da0fc477b38c0ed566c7f8b4c1b3c6b953688279 [diff]
diff --git a/services/audioflinger/Effects.cpp b/services/audioflinger/Effects.cpp
index f87b8f57..321099a 100644
--- a/services/audioflinger/Effects.cpp
+++ b/services/audioflinger/Effects.cpp

@@ -571,6 +571,13 @@
         android_errorWriteLog(0x534e4554, "29251553");
         return -EINVAL;
     }
+    if (cmdCode == EFFECT_CMD_GET_PARAM &&
+            (sizeof(effect_param_t) > cmdSize ||
+                    ((effect_param_t *)pCmdData)->psize > cmdSize
+                                                          - sizeof(effect_param_t))) {
+        android_errorWriteLog(0x534e4554, "32438594");
+        return -EINVAL;
+    }
     if ((cmdCode == EFFECT_CMD_SET_PARAM
             || cmdCode == EFFECT_CMD_SET_PARAM_DEFERRED) &&  // DEFERRED not generally used
         (sizeof(effect_param_t) > cmdSize
commit	dd5c245a90750ee2df68cd88d23172b540e0e3be	[log] [tgz]
author	Andy Hung <hunga@google.com>	Fri Nov 04 19:40:53 2016 -0700
committer	gitbuildkicker <android-build@google.com>	Tue Dec 06 16:30:44 2016 -0800
tree	3ac2228bba49d4501e385d5f1f7d203f4f629563
parent	da0fc477b38c0ed566c7f8b4c1b3c6b953688279 [diff]