summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortimothywang <timothywang@google.com>2022-11-30 14:43:02 +0800
committerOwen Kim <owenkmg@google.com>2022-12-08 22:10:04 +0000
commite0ae702173888cf3491c8f3657a73899a0c94b59 (patch)
tree923b0b3b83623d5805da6e2be71b047cd69f5ff0
parentb0fe4c29b7f77640a420c3629cb9880dd967fba7 (diff)
downloadcamera-e0ae702173888cf3491c8f3657a73899a0c94b59.tar.gz
Validate the message queue setting size
Make sure the input message queue setting size is large enough to represent a camera metadata. Bug: 256166866 Test: GCA Change-Id: If6793d131873e590a498454d0fe472ddfa079393
Diffstat
-rw-r--r--common/hal/aidl_service/aidl_utils.cc5
1 files changed, 5 insertions, 0 deletions
diff --git a/common/hal/aidl_service/aidl_utils.cc b/common/hal/aidl_service/aidl_utils.cc
index b5a4028..9652900 100644
--- a/common/hal/aidl_service/aidl_utils.cc
+++ b/common/hal/aidl_service/aidl_utils.cc
@@ -724,6 +724,11 @@ status_t ConvertToHalMetadata(
ALOGE("%s: request_metadata_queue is nullptr", __FUNCTION__);
return BAD_VALUE;
}
+ if (message_queue_setting_size < calculate_camera_metadata_size(0, 0)) {
+ ALOGE("%s: invalid message queue setting size: %u", __FUNCTION__,
+ message_queue_setting_size);
+ return BAD_VALUE;
+ }
metadata_queue_settings.resize(message_queue_setting_size);
bool success = request_metadata_queue->read(metadata_queue_settings.data(),
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-24 08:49:59 +0000