diff options
author | timothywang <timothywang@google.com> | 2022-11-30 14:43:02 +0800 |
---|---|---|
committer | Owen Kim <owenkmg@google.com> | 2022-12-08 22:10:04 +0000 |
commit | e0ae702173888cf3491c8f3657a73899a0c94b59 (patch) | |
tree | 923b0b3b83623d5805da6e2be71b047cd69f5ff0 | |
parent | b0fe4c29b7f77640a420c3629cb9880dd967fba7 (diff) | |
download | camera-e0ae702173888cf3491c8f3657a73899a0c94b59.tar.gz |
Validate the message queue setting size
Make sure the input message queue setting size is large enough to
represent a camera metadata.
Bug: 256166866
Test: GCA
Change-Id: If6793d131873e590a498454d0fe472ddfa079393
-rw-r--r-- | common/hal/aidl_service/aidl_utils.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/common/hal/aidl_service/aidl_utils.cc b/common/hal/aidl_service/aidl_utils.cc index b5a4028..9652900 100644 --- a/common/hal/aidl_service/aidl_utils.cc +++ b/common/hal/aidl_service/aidl_utils.cc @@ -724,6 +724,11 @@ status_t ConvertToHalMetadata( ALOGE("%s: request_metadata_queue is nullptr", __FUNCTION__); return BAD_VALUE; } + if (message_queue_setting_size < calculate_camera_metadata_size(0, 0)) { + ALOGE("%s: invalid message queue setting size: %u", __FUNCTION__, + message_queue_setting_size); + return BAD_VALUE; + } metadata_queue_settings.resize(message_queue_setting_size); bool success = request_metadata_queue->read(metadata_queue_settings.data(), |