From: Jeongmo Yang <jm80.yang@samsung.com>
Date: Thu, 29 Apr 2021 05:41:31 +0000 (+0900)
Subject: media_packet_pool: Fix heap-buffer-overflow issue in media_packet_pool_allocate()
X-Git-Tag: submit/tizen/20210506.034922^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8ca1c31ef491ff757ab59dc757c8f1ccd38628af;p=platform%2Fcore%2Fapi%2Fmediatool.git

media_packet_pool: Fix heap-buffer-overflow issue in media_packet_pool_allocate()

[Version] 0.1.48
[Issue Type] Bug fix

Change-Id: Ida20e76fd1fdc79d4ff964bd7290faf34d419d9f
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
---

diff --git a/packaging/capi-media-tool.spec b/packaging/capi-media-tool.spec
index 814d46e..c06ec67 100755
--- a/packaging/capi-media-tool.spec
+++ b/packaging/capi-media-tool.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-tool
 Summary:    A Core API media tool library in Tizen Native API
-Version:    0.1.47
+Version:    0.1.48
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
diff --git a/src/media_packet_pool.c b/src/media_packet_pool.c
index 01ce6f2..6612a90 100644
--- a/src/media_packet_pool.c
+++ b/src/media_packet_pool.c
@@ -87,8 +87,12 @@ int media_packet_pool_set_size(media_packet_pool_h pool, int min_buffers, int ma
 	MEDIA_PACKET_POOL_INSTANCE_CHECK(pool);
 	pool_handle = (media_packet_pool_s *)pool;
 
-	if (max_buffers <= 0 || min_buffers <= 0 || min_buffers > max_buffers)
+	if (max_buffers <= 0 || min_buffers <= 0 ||
+		min_buffers > max_buffers || max_buffers > MAX_PACKET) {
+		LOGE("invalid size - set[min:%d,max:%d], pool max[%d]",
+			min_buffers, max_buffers, MAX_PACKET);
 		return MEDIA_PACKET_ERROR_INVALID_PARAMETER;
+	}
 
 	pool_handle->pool_size_min = min_buffers;
 	pool_handle->pool_size_max = max_buffers;