From d19e2f6e6cd1f96a22d0b10397634764979db5d9 Mon Sep 17 00:00:00 2001
From: Phil Burk
Date: Wed, 8 Apr 2020 18:02:06 -0700
Subject: [PATCH] MIDI: check range of port counts

Fuzz testing cause out-of-memory errors when passing very large port counts. Now we check to make sure the port count is in a resonable range.

Bug: 135639926
Test: any MIDI test will exercise this code
Test: https://source.android.com/devices/audio/midi_test.html
Change-Id: Ic5dedc1eda86ff86a73a1da66ee6630c9662ceb8
---
 media/java/android/media/midi/MidiDeviceInfo.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/media/java/android/media/midi/MidiDeviceInfo.java b/media/java/android/media/midi/MidiDeviceInfo.java
index c2229850b4cef..dd3b6dbd6a399 100644
--- a/media/java/android/media/midi/MidiDeviceInfo.java
+++ b/media/java/android/media/midi/MidiDeviceInfo.java
@@ -19,7 +19,6 @@ package android.media.midi;
 import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
-
 import android.util.Log;

 /**
@@ -205,6 +204,20 @@ public final class MidiDeviceInfo implements Parcelable {
 public MidiDeviceInfo(int type, int id, int numInputPorts, int numOutputPorts,
 String[] inputPortNames, String[] outputPortNames, Bundle properties,
 boolean isPrivate) {
+ // Check num ports for out-of-range values. Typical values will be
+ // between zero and three. More than 16 would be very unlikely
+ // because the port index field in the USB packet is only 4 bits.
+ // This check is mainly just to prevent OutOfMemoryErrors when
+ // fuzz testing.
+ final int maxPorts = 256; // arbitrary and very high
+ if (numInputPorts < 0 || numInputPorts > maxPorts) {
+ throw new IllegalArgumentException("numInputPorts out of range = "
+ + numInputPorts);
+ }
+ if (numOutputPorts < 0 || numOutputPorts > maxPorts) {
+ throw new IllegalArgumentException("numOutputPorts out of range = "
+ + numOutputPorts);
+ }
 mType = type;
 mId = id;
 mInputPortCount = numInputPorts;
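Review bot: The new range checks in the `MidiDeviceInfo` constructor bound `numInputPorts` and `numOutputPorts`, but nothing in this hunk ties them to the lengths of `inputPortNames` and `outputPortNames`, so a count of 200 alongside a two-element names array still passes. The class is `Parcelable`, so these arguments presumably can come from another process; I would reject a mismatch as well, e.g. `if (inputPortNames != null && inputPortNames.length != numInputPorts) throw new IllegalArgumentException("inputPortNames length does not match numInputPorts");`, with the same check on the output side. The rest of the constructor is outside the hunk, so confirm there whether a null names array is accepted before adding this. Separately, the local `maxPorts` would read better as a class constant, `private static final int MAX_PORTS = 256;`, so any parcel-reading code can apply the same bound before it calls the constructor.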