From 63c974bf14d7a5007f3678e192c18d5ca3ff812c Mon Sep 17 00:00:00 2001
From: rago <rago@google.com>
Date: Tue, 29 Nov 2016 10:29:39 -0800
Subject: Fix security vulnerability: potential OOB write in audioserver

Bug: 32705438
Bug: 32703959
Test: cts security test
Change-Id: I920a74cb0a809c623ddf802f3d2808f0f1bd537c
(cherry picked from commit 3f9a6d3bd97966999fa35b9423b8c0042c8198b3)
---
 include/hardware/audio_effect.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/hardware/audio_effect.h b/include/hardware/audio_effect.h
index e49980d1..8a88414a 100644
--- a/include/hardware/audio_effect.h
+++ b/include/hardware/audio_effect.h
@@ -911,6 +911,9 @@ typedef struct effect_param_s {
     char        data[];     // Start of Parameter + Value data
 } effect_param_t;
 
+// Maximum effect_param_t size
+#define EFFECT_PARAM_SIZE_MAX       65536
+
 // structure used by EFFECT_CMD_OFFLOAD command
 typedef struct effect_offload_param_s {
     bool isOffload;         // true if the playback thread the effect is attached to is offloaded
-- 
cgit v1.2.3