Audio HAL VTS: Sanitize prepareFor{Writing,Reading} input size
Return an error if framesCount or frameSize are null to avoid a division
by zero when calculating the buffer size.
The message queues are allocated with a buffer size but if two big they will
assert not return an error.
Thus take some margin on the buffer size check.
Note that both function should be refactored as 99% identical.
Test: vts-tradefed run vts --module VtsHalAudioV2_0Target
Test: call/play music/record/video...
Bug: 36311550
Change-Id: I0576e9016ef2e567c8d4e171c6237883d9865db9
Signed-off-by: Kevin Rocard <krocard@google.com>
diff --git a/audio/2.0/default/StreamIn.cpp b/audio/2.0/default/StreamIn.cpp
index 59029be..9feef15 100644
--- a/audio/2.0/default/StreamIn.cpp
+++ b/audio/2.0/default/StreamIn.cpp
@@ -334,8 +334,21 @@
return Void();
}
std::unique_ptr<CommandMQ> tempCommandMQ(new CommandMQ(1));
- if (frameSize > std::numeric_limits<size_t>::max() / framesCount) {
- ALOGE("Requested buffer is too big, %d*%d can not fit in size_t",
+
+ // Check frameSize and framesCount
+ if (frameSize == 0 || framesCount == 0) {
+ ALOGE("Null frameSize (%u) or framesCount (%u)", frameSize,
+ framesCount);
+ sendError(Result::INVALID_ARGUMENTS);
+ return Void();
+ }
+ // A message queue asserts if it can not handle the requested buffer,
+ // thus the client has to guess the maximum size it can handle
+ // Choose an arbitrary margin for the overhead of a message queue
+ size_t metadataOverhead = 100000;
+ if (frameSize >
+ (std::numeric_limits<size_t>::max() - metadataOverhead) / framesCount) {
+ ALOGE("Buffer too big: %u*%u bytes can not fit in a message queue",
frameSize, framesCount);
sendError(Result::INVALID_ARGUMENTS);
return Void();