From 6316a79500a303cd642efc79ef9e134f3b3cb4d7 Mon Sep 17 00:00:00 2001
From: Ravneet <rdhanjal@google.com>
Date: Fri, 2 Jun 2023 22:24:10 +0000
Subject: Validate camera metadata size

- Check that the metadata expected size
matches the reported size

Test: CTS test
Bug: 274445725
Change-Id: I0e2dc8e4a87947518d0bc1bdeb057c9eff31bcba
---
 common/hal/aidl_service/aidl_utils.cc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/common/hal/aidl_service/aidl_utils.cc b/common/hal/aidl_service/aidl_utils.cc
index 6d5f201..332d1a1 100644
--- a/common/hal/aidl_service/aidl_utils.cc
+++ b/common/hal/aidl_service/aidl_utils.cc
@@ -728,6 +728,15 @@ status_t ConvertToHalMetadata(
 
       metadata =
           reinterpret_cast<const camera_metadata_t*>(request_settings.data());
+
+      size_t metadata_size = get_camera_metadata_size(metadata);
+      if (metadata_size != request_settings.size()) {
+        ALOGE(
+            "%s: Mismatch between camera metadata size (%zu) and request "
+            "setting size (%zu)",
+            __FUNCTION__, metadata_size, request_settings.size());
+        return BAD_VALUE;
+      }
     }
   } else {
     // Read the settings from request metadata queue.
@@ -751,6 +760,15 @@ status_t ConvertToHalMetadata(
 
     metadata = reinterpret_cast<const camera_metadata_t*>(
         metadata_queue_settings.data());
+
+    size_t metadata_size = get_camera_metadata_size(metadata);
+    if (metadata_size != message_queue_setting_size) {
+      ALOGE(
+          "%s: Mismatch between camera metadata size (%zu) and message "
+          "queue setting size (%u)",
+          __FUNCTION__, metadata_size, message_queue_setting_size);
+      return BAD_VALUE;
+    }
   }
 
   if (metadata == nullptr) {
-- 
cgit v1.2.3