From 6ab188589d9126c19bb37ba7dfa4de3e73e93e55 Mon Sep 17 00:00:00 2001
From: Glenn Kasten
Date: Thu, 18 Jul 2013 17:15:43 -0700
Subject: [PATCH] Detect integer overflow
See Change-Id: Iec36fc0ea67095e18a2c238b148dad5545c102c1
Change-Id: I421f0d84c64310fcb6c5451993cfaf38125c4bb2
---
 media/java/android/media/AudioRecord.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/media/java/android/media/AudioRecord.java b/media/java/android/media/AudioRecord.java
index 78306ac882a22..f0d31147b609a 100644
--- a/media/java/android/media/AudioRecord.java
+++ b/media/java/android/media/AudioRecord.java
@@ -587,6 +587,7 @@ public class AudioRecord
 }
 if ( (audioData == null) || (offsetInBytes < 0 ) || (sizeInBytes < 0)
+ || (offsetInBytes + sizeInBytes < 0) // detect integer overflow
 || (offsetInBytes + sizeInBytes > audioData.length)) {
 return ERROR_BAD_VALUE;
 }
@@ -611,6 +612,7 @@ public class AudioRecord
 }
 if ( (audioData == null) || (offsetInShorts < 0 ) || (sizeInShorts < 0)
+ || (offsetInShorts + sizeInShorts < 0) // detect integer overflow
 || (offsetInShorts + sizeInShorts > audioData.length)) {
 return ERROR_BAD_VALUE;
 }
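Review bot: The added guards in both hunks (`offsetInBytes + sizeInBytes < 0` and `offsetInShorts + sizeInShorts < 0`) are sound only because the two clauses before them have already rejected negative operands, so a wrapped sum of two non-negative ints is always negative; the comment should state that dependency, e.g. `// both operands are >= 0 here, so a negative sum means the addition wrapped`. A form that cannot overflow would fold the guard and the bounds test into one clause and stop depending on clause order: `|| (sizeInBytes > audioData.length - offsetInBytes)` in the first hunk and `|| (sizeInShorts > audioData.length - offsetInShorts)` in the second. The diffstat shows only AudioRecord.java changed, so a regression test that passes each patched method an offset and size whose sum exceeds Integer.MAX_VALUE and expects ERROR_BAD_VALUE would keep the bounds check from regressing. The enclosing methods start and end outside the hunks, so what consumes the offset and size after the check is not visible here.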