From 283a9d9e15e095493a7d9800667e49169143e7e3 Mon Sep 17 00:00:00 2001
From: Jon Eklund <jeklund@motorola.com>
Date: Thu, 13 Nov 2014 09:57:17 -0600
Subject: [PATCH] AudioRecorder read buffer overflow

Since function was changed from byte-native to short-native,
it's no longer necessary to multiply offset by sizeof(short).

Bug 18367580

Change-Id: I669d860334ba40e46c04e534d7008b9e2401d8cd
---
 core/jni/android_media_AudioRecord.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/jni/android_media_AudioRecord.cpp b/core/jni/android_media_AudioRecord.cpp
index e38f3d42a50b1..d2eb8dd60086b 100644
--- a/core/jni/android_media_AudioRecord.cpp
+++ b/core/jni/android_media_AudioRecord.cpp
@@ -431,7 +431,7 @@ static jint android_media_AudioRecord_readInShortArray(JNIEnv *env,  jobject thi
     // read the new audio data from the native AudioRecord object
     const size_t recorderBuffSize = lpRecorder->frameCount()*lpRecorder->frameSize();
     const size_t sizeInBytes = sizeInShorts * sizeof(short);
-    ssize_t readSize = lpRecorder->read(recordBuff + offsetInShorts * sizeof(short),
+    ssize_t readSize = lpRecorder->read(recordBuff + offsetInShorts,
                                         sizeInBytes > recorderBuffSize ?
                                             recorderBuffSize : sizeInBytes);