Prevent buffer overflow in case the audio data size is too large 86/262086/1
authorJi-hoon Lee <dalton.lee@samsung.com>
Tue, 27 Jul 2021 05:27:43 +0000 (14:27 +0900)
committerJi-hoon Lee <dalton.lee@samsung.com>
Mon, 2 Aug 2021 15:03:23 +0000 (00:03 +0900)
Change-Id: Ibfe33f6baec68667fe5f82371d5374a9889b36e1

src/service_ipc_dbus.cpp

index a0973f6..5799f88 100644 (file)
@@ -239,12 +239,34 @@ int CServiceIpcDbus::send_streaming_audio_data(pid_t pid, int event, void* data,
 
        unsigned char buffer[STREAMING_BUFFER_SIZE];
        size_t total_size = 0;
-       memcpy(buffer, &header, sizeof(header));
-       total_size += sizeof(header);
-       memcpy(buffer + total_size, &audio_data_header, sizeof(audio_data_header));
-       total_size += sizeof(audio_data_header);
-       memcpy(buffer + total_size, data, data_size);
-       total_size += data_size;
+       size_t new_size = 0;
+
+       new_size = sizeof(header);
+       if (new_size + total_size <= STREAMING_BUFFER_SIZE) {
+               memcpy(buffer, &header, new_size);
+               total_size += new_size;
+       } else {
+               MAS_LOGE("Buffer overflow : %zu %zu", new_size, total_size);
+               return -1;
+       }
+
+       new_size = sizeof(audio_data_header);
+       if (new_size + total_size <= STREAMING_BUFFER_SIZE) {
+               memcpy(buffer + total_size, &audio_data_header, new_size);
+               total_size += new_size;
+       } else {
+               MAS_LOGE("Buffer overflow : %zu %zu", new_size, total_size);
+               return -1;
+       }
+
+       new_size = data_size;
+       if (new_size + total_size <= STREAMING_BUFFER_SIZE) {
+               memcpy(buffer + total_size, data, new_size);
+               total_size += new_size;
+       } else {
+               MAS_LOGE("Buffer overflow : %zu %zu", new_size, total_size);
+               return -1;
+       }
 
        const long long minimum_flush_interval = 20;
        static long long last_flush_time = get_current_milliseconds_after_epoch();
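Review bot: The three bounds checks are written as `new_size + total_size <= STREAMING_BUFFER_SIZE`, and for the `data_size` copy that sum can wrap around `size_t` before it is compared. The parameter list is cut off in the hunk header, so the type of `data_size` is not visible; if it is signed or can otherwise carry a very large value, a wrapped sum passes the check and the `memcpy` into `buffer` still runs with the original length. Comparing against the remaining space avoids the addition: `if (new_size <= STREAMING_BUFFER_SIZE - total_size) {`, which is safe because `total_size` never exceeds the buffer size at that point. The two header checks involve only compile-time sizes and could be a single `static_assert(sizeof(header) + sizeof(audio_data_header) <= STREAMING_BUFFER_SIZE, "headers must fit");`. The function body begins before and continues after this hunk.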
@@ -309,8 +331,12 @@ int CServiceIpcDbus::send_streaming_audio_data(pid_t pid, int event, void* data,
                        MAS_LOGE("Bundle creation failed!!!");
                }
        } else {
-               memcpy(pending_buffer + pending_buffer_size, buffer, total_size);
-               pending_buffer_size += total_size;
+               if (pending_buffer_size + total_size <= STREAMING_BUFFER_SIZE) {
+                       memcpy(pending_buffer + pending_buffer_size, buffer, total_size);
+                       pending_buffer_size += total_size;
+               } else {
+                       MAS_LOGE("Buffer overflow : %zu %zu", pending_buffer_size, total_size);
+               }
        }
        return 0;
 }
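Review bot: When the pending buffer is full, the new `else` branch only logs and then falls through to `return 0`, so the caller is told the audio chunk was handled although it was dropped. The earlier checks in this function return -1 on the same condition; adding `return -1;` after the `MAS_LOGE` call would make the loss visible to the caller. The check also assumes that `pending_buffer` holds `STREAMING_BUFFER_SIZE` bytes and that `pending_buffer_size` is a `size_t` (it is printed with `%zu`). Both declarations are outside the hunk and worth confirming, for example by bounding against `sizeof(pending_buffer)` if it is an array.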