Project

General

Profile

Issue #1299 ยป audio-effects-fix-heap-overflow.patch

My Self, 08/26/2015 11:40 AM

View differences:

media/libeffects/downmix/EffectDownmix.c
179 179

  
180 180

  
181 181
int32_t DownmixLib_Create(const effect_uuid_t *uuid,
182
        int32_t sessionId,
183
        int32_t ioId,
182
        int32_t sessionId __unused,
183
        int32_t ioId __unused,
184 184
        effect_handle_t *pHandle) {
185 185
    int ret;
186 186
    int i;
......
403 403

  
404 404
    switch (cmdCode) {
405 405
    case EFFECT_CMD_INIT:
406
        if (pReplyData == NULL || *replySize != sizeof(int)) {
406
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
407 407
            return -EINVAL;
408 408
        }
409 409
        *(int *) pReplyData = Downmix_Init(pDwmModule);
......
411 411

  
412 412
    case EFFECT_CMD_SET_CONFIG:
413 413
        if (pCmdData == NULL || cmdSize != sizeof(effect_config_t)
414
                || pReplyData == NULL || *replySize != sizeof(int)) {
414
                || pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
415 415
            return -EINVAL;
416 416
        }
417 417
        *(int *) pReplyData = Downmix_Configure(pDwmModule,
......
426 426
        ALOGV("Downmix_Command EFFECT_CMD_GET_PARAM pCmdData %p, *replySize %d, pReplyData: %p",
427 427
                pCmdData, *replySize, pReplyData);
428 428
        if (pCmdData == NULL || cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
429
                pReplyData == NULL ||
429
                pReplyData == NULL || replySize == NULL ||
430 430
                *replySize < (int) sizeof(effect_param_t) + 2 * sizeof(int32_t)) {
431 431
            return -EINVAL;
432 432
        }
......
443 443
        ALOGV("Downmix_Command EFFECT_CMD_SET_PARAM cmdSize %d pCmdData %p, *replySize %d, " \
444 444
                "pReplyData %p", cmdSize, pCmdData, *replySize, pReplyData);
445 445
        if (pCmdData == NULL || (cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)))
446
                || pReplyData == NULL || *replySize != (int)sizeof(int32_t)) {
446
                || pReplyData == NULL || replySize == NULL || *replySize != (int)sizeof(int32_t)) {
447 447
            return -EINVAL;
448 448
        }
449 449
        effect_param_t *cmd = (effect_param_t *) pCmdData;
......
462 462
        break;
463 463

  
464 464
    case EFFECT_CMD_ENABLE:
465
        if (pReplyData == NULL || *replySize != sizeof(int)) {
465
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
466 466
            return -EINVAL;
467 467
        }
468 468
        if (pDownmixer->state != DOWNMIX_STATE_INITIALIZED) {
......
474 474
        break;
475 475

  
476 476
    case EFFECT_CMD_DISABLE:
477
        if (pReplyData == NULL || *replySize != sizeof(int)) {
477
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
478 478
            return -EINVAL;
479 479
        }
480 480
        if (pDownmixer->state != DOWNMIX_STATE_ACTIVE) {
......
689 689
 *----------------------------------------------------------------------------
690 690
 */
691 691

  
692
int Downmix_Reset(downmix_object_t *pDownmixer, bool init) {
692
int Downmix_Reset(downmix_object_t *pDownmixer __unused, bool init __unused) {
693 693
    // nothing to do here
694 694
    return 0;
695 695
}
media/libeffects/lvm/wrapper/Bundle/EffectBundle.cpp
2787 2787

  
2788 2788
    switch (cmdCode){
2789 2789
        case EFFECT_CMD_INIT:
2790
            if (pReplyData == NULL || *replySize != sizeof(int)){
2790
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)){
2791 2791
                ALOGV("\tLVM_ERROR, EFFECT_CMD_INIT: ERROR for effect type %d",
2792 2792
                        pContext->EffectType);
2793 2793
                return -EINVAL;
......
2814 2814

  
2815 2815
        case EFFECT_CMD_SET_CONFIG:
2816 2816
            //ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_SET_CONFIG start");
2817
            if (pCmdData    == NULL||
2818
                cmdSize     != sizeof(effect_config_t)||
2819
                pReplyData  == NULL||
2820
                *replySize  != sizeof(int)){
2817
            if (pCmdData    == NULL || cmdSize     != sizeof(effect_config_t) ||
2818
                    pReplyData  == NULL || replySize == NULL || *replySize  != sizeof(int)) {
2821 2819
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
2822 2820
                        "EFFECT_CMD_SET_CONFIG: ERROR");
2823 2821
                return -EINVAL;
......
2827 2825
            break;
2828 2826

  
2829 2827
        case EFFECT_CMD_GET_CONFIG:
2830
            if (pReplyData == NULL ||
2831
                *replySize != sizeof(effect_config_t)) {
2828
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(effect_config_t)) {
2832 2829
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
2833 2830
                        "EFFECT_CMD_GET_CONFIG: ERROR");
2834 2831
                return -EINVAL;
......
2845 2842

  
2846 2843
        case EFFECT_CMD_GET_PARAM:{
2847 2844
            //ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_GET_PARAM start");
2845
            effect_param_t *p = (effect_param_t *)pCmdData;
2848 2846

  
2849
            if(pContext->EffectType == LVM_BASS_BOOST){
2850
                if (pCmdData == NULL ||
2851
                        cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
2852
                        pReplyData == NULL ||
2853
                        *replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
2854
                    ALOGV("\tLVM_ERROR : BassBoost_command cmdCode Case: "
2855
                            "EFFECT_CMD_GET_PARAM: ERROR");
2856
                    return -EINVAL;
2857
                }
2858
                effect_param_t *p = (effect_param_t *)pCmdData;
2847
            if (pCmdData == NULL || cmdSize < sizeof(effect_param_t) ||
2848
                    cmdSize < (sizeof(effect_param_t) + p->psize) ||
2849
                    pReplyData == NULL || replySize == NULL ||
2850
                    *replySize < (sizeof(effect_param_t) + p->psize)) {
2851
                ALOGV("\tLVM_ERROR : EFFECT_CMD_GET_PARAM: ERROR");
2852
                return -EINVAL;
2853
            }
2859 2854

  
2860
                memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
2855
            memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
2861 2856

  
2862
                p = (effect_param_t *)pReplyData;
2857
            p = (effect_param_t *)pReplyData;
2863 2858

  
2864
                int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);
2859
            int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);
2865 2860

  
2861
            if(pContext->EffectType == LVM_BASS_BOOST){
2866 2862
                p->status = android::BassBoost_getParameter(pContext,
2867 2863
                                                            p->data,
2868 2864
                                                            (size_t  *)&p->vsize,
2869 2865
                                                            p->data + voffset);
2870 2866

  
2871
                *replySize = sizeof(effect_param_t) + voffset + p->vsize;
2872

  
2873 2867
                //ALOGV("\tBassBoost_command EFFECT_CMD_GET_PARAM "
2874 2868
                //        "*pCmdData %d, *replySize %d, *pReplyData %d ",
2875 2869
                //        *(int32_t *)((char *)pCmdData + sizeof(effect_param_t)),
......
2878 2872
            }
2879 2873

  
2880 2874
            if(pContext->EffectType == LVM_VIRTUALIZER){
2881
                if (pCmdData == NULL ||
2882
                        cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
2883
                        pReplyData == NULL ||
2884
                        *replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
2885
                    ALOGV("\tLVM_ERROR : Virtualizer_command cmdCode Case: "
2886
                            "EFFECT_CMD_GET_PARAM: ERROR");
2887
                    return -EINVAL;
2888
                }
2889
                effect_param_t *p = (effect_param_t *)pCmdData;
2890

  
2891
                memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
2892

  
2893
                p = (effect_param_t *)pReplyData;
2894

  
2895
                int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);
2896 2875

  
2897 2876
                p->status = android::Virtualizer_getParameter(pContext,
2898 2877
                                                             (void *)p->data,
2899 2878
                                                             (size_t  *)&p->vsize,
2900 2879
                                                              p->data + voffset);
2901 2880

  
2902
                *replySize = sizeof(effect_param_t) + voffset + p->vsize;
2903

  
2904 2881
                //ALOGV("\tVirtualizer_command EFFECT_CMD_GET_PARAM "
2905 2882
                //        "*pCmdData %d, *replySize %d, *pReplyData %d ",
2906 2883
                //        *(int32_t *)((char *)pCmdData + sizeof(effect_param_t)),
......
2910 2887
            if(pContext->EffectType == LVM_EQUALIZER){
2911 2888
                //ALOGV("\tEqualizer_command cmdCode Case: "
2912 2889
                //        "EFFECT_CMD_GET_PARAM start");
2913
                if (pCmdData == NULL ||
2914
                    cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
2915
                    pReplyData == NULL ||
2916
                    *replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))) {
2917
                    ALOGV("\tLVM_ERROR : Equalizer_command cmdCode Case: "
2918
                            "EFFECT_CMD_GET_PARAM");
2919
                    return -EINVAL;
2920
                }
2921
                effect_param_t *p = (effect_param_t *)pCmdData;
2922

  
2923
                memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
2924

  
2925
                p = (effect_param_t *)pReplyData;
2926

  
2927
                int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);
2928 2890

  
2929 2891
                p->status = android::Equalizer_getParameter(pContext,
2930 2892
                                                            p->data,
2931 2893
                                                            &p->vsize,
2932 2894
                                                            p->data + voffset);
2933 2895

  
2934
                *replySize = sizeof(effect_param_t) + voffset + p->vsize;
2935

  
2936 2896
                //ALOGV("\tEqualizer_command EFFECT_CMD_GET_PARAM *pCmdData %d, *replySize %d, "
2937 2897
                //       "*pReplyData %08x %08x",
2938 2898
                //        *(int32_t *)((char *)pCmdData + sizeof(effect_param_t)), *replySize,
......
2942 2902
            }
2943 2903
            if(pContext->EffectType == LVM_VOLUME){
2944 2904
                //ALOGV("\tVolume_command cmdCode Case: EFFECT_CMD_GET_PARAM start");
2945
                if (pCmdData == NULL ||
2946
                        cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
2947
                        pReplyData == NULL ||
2948
                        *replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
2949
                    ALOGV("\tLVM_ERROR : Volume_command cmdCode Case: "
2950
                            "EFFECT_CMD_GET_PARAM: ERROR");
2951
                    return -EINVAL;
2952
                }
2953
                effect_param_t *p = (effect_param_t *)pCmdData;
2954

  
2955
                memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
2956

  
2957
                p = (effect_param_t *)pReplyData;
2958

  
2959
                int voffset = ((p->psize - 1) / sizeof(int32_t) + 1) * sizeof(int32_t);
2960 2905

  
2961 2906
                p->status = android::Volume_getParameter(pContext,
2962 2907
                                                         (void *)p->data,
2963 2908
                                                         (size_t  *)&p->vsize,
2964 2909
                                                         p->data + voffset);
2965 2910

  
2966
                *replySize = sizeof(effect_param_t) + voffset + p->vsize;
2967

  
2968 2911
                //ALOGV("\tVolume_command EFFECT_CMD_GET_PARAM "
2969 2912
                //        "*pCmdData %d, *replySize %d, *pReplyData %d ",
2970 2913
                //        *(int32_t *)((char *)pCmdData + sizeof(effect_param_t)),
2971 2914
                //        *replySize,
2972 2915
                //        *(int16_t *)((char *)pReplyData + sizeof(effect_param_t) + voffset));
2973 2916
            }
2917
            *replySize = sizeof(effect_param_t) + voffset + p->vsize;
2918

  
2974 2919
            //ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_GET_PARAM end");
2975 2920
        } break;
2976 2921
        case EFFECT_CMD_SET_PARAM:{
......
2981 2926
                //       *replySize,
2982 2927
                //       *(int16_t *)((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));
2983 2928

  
2984
                if (pCmdData   == NULL||
2985
                    cmdSize    != (int)(sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t))||
2986
                    pReplyData == NULL||
2987
                    *replySize != sizeof(int32_t)){
2929
                if (pCmdData   == NULL ||
2930
                        cmdSize    != (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t)) ||
2931
                        pReplyData == NULL || replySize == NULL || *replySize != sizeof(int32_t)) {
2988 2932
                    ALOGV("\tLVM_ERROR : BassBoost_command cmdCode Case: "
2989 2933
                            "EFFECT_CMD_SET_PARAM: ERROR");
2990 2934
                    return -EINVAL;
......
3014 2958
              //        *replySize,
3015 2959
              //        *(int16_t *)((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));
3016 2960

  
3017
                if (pCmdData   == NULL||
3018
                    cmdSize    != (int)(sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t))||
3019
                    pReplyData == NULL||
3020
                    *replySize != sizeof(int32_t)){
2961
                 if (pCmdData   == NULL ||
2962
                        // legal parameters are int16_t or int32_t
2963
                        cmdSize    > (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int32_t)) ||
2964
                        cmdSize    < (sizeof(effect_param_t) + sizeof(int32_t) +sizeof(int16_t)) ||
2965
                        pReplyData == NULL || replySize == NULL || *replySize != sizeof(int32_t)) {
3021 2966
                    ALOGV("\tLVM_ERROR : Virtualizer_command cmdCode Case: "
3022 2967
                            "EFFECT_CMD_SET_PARAM: ERROR");
3023 2968
                    return -EINVAL;
......
3050 2995
               //        *(int16_t *)((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));
3051 2996

  
3052 2997
                if (pCmdData == NULL || cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
3053
                    pReplyData == NULL || *replySize != sizeof(int32_t)) {
2998
                        pReplyData == NULL || replySize == NULL || *replySize != sizeof(int32_t)) {
3054 2999
                    ALOGV("\tLVM_ERROR : Equalizer_command cmdCode Case: "
3055 3000
                            "EFFECT_CMD_SET_PARAM: ERROR");
3056 3001
                    return -EINVAL;
......
3068 3013
                //        *replySize,
3069 3014
                //        *(int16_t *)((char *)pCmdData + sizeof(effect_param_t) +sizeof(int32_t)));
3070 3015

  
3071
                if (    pCmdData   == NULL||
3072
                        cmdSize    < (int)(sizeof(effect_param_t) + sizeof(int32_t))||
3073
                        pReplyData == NULL||
3074
                        *replySize != sizeof(int32_t)){
3016
                if (pCmdData   == NULL ||
3017
                        cmdSize    < (sizeof(effect_param_t) + sizeof(int32_t)) ||
3018
                        pReplyData == NULL || replySize == NULL ||
3019
                        *replySize != sizeof(int32_t)) {
3075 3020
                    ALOGV("\tLVM_ERROR : Volume_command cmdCode Case: "
3076 3021
                            "EFFECT_CMD_SET_PARAM: ERROR");
3077 3022
                    return -EINVAL;
......
3087 3032

  
3088 3033
        case EFFECT_CMD_ENABLE:
3089 3034
            ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_ENABLE start");
3090
            if (pReplyData == NULL || *replySize != sizeof(int)){
3035
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
3091 3036
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_ENABLE: ERROR");
3092 3037
                return -EINVAL;
3093 3038
            }
......
3097 3042

  
3098 3043
        case EFFECT_CMD_DISABLE:
3099 3044
            //ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_DISABLE start");
3100
            if (pReplyData == NULL || *replySize != sizeof(int)){
3045
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
3101 3046
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_DISABLE: ERROR");
3102 3047
                return -EINVAL;
3103 3048
            }
......
3107 3052
        case EFFECT_CMD_SET_DEVICE:
3108 3053
        {
3109 3054
            ALOGV("\tEffect_command cmdCode Case: EFFECT_CMD_SET_DEVICE start");
3055
            if (pCmdData   == NULL){
3056
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: EFFECT_CMD_SET_DEVICE: ERROR");
3057
                return -EINVAL;
3058
            }
3059

  
3110 3060
            uint32_t device = *(uint32_t *)pCmdData;
3111 3061

  
3112 3062
            if (pContext->EffectType == LVM_BASS_BOOST) {
......
3193 3143
                break;
3194 3144
            }
3195 3145

  
3196
            if (pCmdData == NULL ||
3197
                cmdSize != 2 * sizeof(uint32_t)) {
3146
            if (pCmdData == NULL || cmdSize != 2 * sizeof(uint32_t) || pReplyData == NULL ||
3147
                    replySize == NULL || *replySize < 2*sizeof(int32_t)) {
3198 3148
                ALOGV("\tLVM_ERROR : Effect_command cmdCode Case: "
3199 3149
                        "EFFECT_CMD_SET_VOLUME: ERROR");
3200 3150
                return -EINVAL;
media/libeffects/lvm/wrapper/Reverb/EffectReverb.cpp
212 212
}     /* end EffectQueryEffect */
213 213

  
214 214
extern "C" int EffectCreate(const effect_uuid_t *uuid,
215
                            int32_t             sessionId,
216
                            int32_t             ioId,
215
                            int32_t             sessionId __unused,
216
                            int32_t             ioId __unused,
217 217
                            effect_handle_t  *pHandle){
218 218
    int ret;
219 219
    int i;
......
1936 1936
            //ALOGV("\tReverb_command cmdCode Case: "
1937 1937
            //        "EFFECT_CMD_INIT start");
1938 1938

  
1939
            if (pReplyData == NULL || *replySize != sizeof(int)){
1939
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)){
1940 1940
                ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
1941 1941
                        "EFFECT_CMD_INIT: ERROR");
1942 1942
                return -EINVAL;
......
1947 1947
        case EFFECT_CMD_SET_CONFIG:
1948 1948
            //ALOGV("\tReverb_command cmdCode Case: "
1949 1949
            //        "EFFECT_CMD_SET_CONFIG start");
1950
            if (pCmdData == NULL ||
1951
                cmdSize != sizeof(effect_config_t) ||
1952
                pReplyData == NULL ||
1953
                *replySize != sizeof(int)) {
1950
            if (pCmdData == NULL || cmdSize != sizeof(effect_config_t) ||
1951
                    pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
1954 1952
                ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
1955 1953
                        "EFFECT_CMD_SET_CONFIG: ERROR");
1956 1954
                return -EINVAL;
......
1960 1958
            break;
1961 1959

  
1962 1960
        case EFFECT_CMD_GET_CONFIG:
1963
            if (pReplyData == NULL ||
1964
                *replySize != sizeof(effect_config_t)) {
1961
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(effect_config_t)) {
1965 1962
                ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
1966 1963
                        "EFFECT_CMD_GET_CONFIG: ERROR");
1967 1964
                return -EINVAL;
......
1979 1976
        case EFFECT_CMD_GET_PARAM:{
1980 1977
            //ALOGV("\tReverb_command cmdCode Case: "
1981 1978
            //        "EFFECT_CMD_GET_PARAM start");
1982
            if (pCmdData == NULL ||
1983
                    cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)) ||
1984
                    pReplyData == NULL ||
1985
                    *replySize < (int) (sizeof(effect_param_t) + sizeof(int32_t))){
1979
            effect_param_t *p = (effect_param_t *)pCmdData;
1980

  
1981
            if (pCmdData == NULL || cmdSize < sizeof(effect_param_t) ||
1982
                    cmdSize < (sizeof(effect_param_t) + p->psize) ||
1983
                    pReplyData == NULL || replySize == NULL ||
1984
                    *replySize < (sizeof(effect_param_t) + p->psize)) {
1986 1985
                ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
1987 1986
                        "EFFECT_CMD_GET_PARAM: ERROR");
1988 1987
                return -EINVAL;
1989 1988
            }
1990
            effect_param_t *p = (effect_param_t *)pCmdData;
1991 1989

  
1992 1990
            memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
1993 1991

  
......
2018 2016
            //        *replySize,
2019 2017
            //        *(int16_t *)((char *)pCmdData + sizeof(effect_param_t) + sizeof(int32_t)));
2020 2018

  
2021
            if (pCmdData == NULL || (cmdSize < (int)(sizeof(effect_param_t) + sizeof(int32_t)))
2022
                    || pReplyData == NULL || *replySize != (int)sizeof(int32_t)) {
2019
            if (pCmdData == NULL || (cmdSize < (sizeof(effect_param_t) + sizeof(int32_t))) ||
2020
                    pReplyData == NULL ||  replySize == NULL || *replySize != sizeof(int32_t)) {
2023 2021
                ALOGV("\tLVM_ERROR : Reverb_command cmdCode Case: "
2024 2022
                        "EFFECT_CMD_SET_PARAM: ERROR");
2025 2023
                return -EINVAL;
media/libeffects/preprocessing/PreProcessing.cpp
575 575
    return 0;
576 576
}
577 577

  
578
int NsGetParameter(preproc_effect_t     *effect,
579
                   void              *pParam,
580
                   size_t            *pValueSize,
581
                   void              *pValue)
578
int NsGetParameter(preproc_effect_t  *effect __unused,
579
                   void              *pParam __unused,
580
                   uint32_t          *pValueSize __unused,
581
                   void              *pValue __unused)
582 582
{
583 583
    int status = 0;
584 584
    return status;
585 585
}
586 586

  
587
int NsSetParameter (preproc_effect_t *effect, void *pParam, void *pValue)
587
int NsSetParameter (preproc_effect_t *effect __unused,
588
                    void *pParam __unused,
589
                    void *pValue __unused)
588 590
{
589 591
    int status = 0;
590 592
    return status;
......
1434 1436
            }
1435 1437
            break;
1436 1438

  
1437
        case EFFECT_CMD_GET_PARAM:{
1438
            if (pCmdData == NULL ||
1439
                    cmdSize < (int)sizeof(effect_param_t) ||
1440
                    pReplyData == NULL ||
1441
                    *replySize < (int)sizeof(effect_param_t)){
1439
        case EFFECT_CMD_GET_PARAM: {
1440
            effect_param_t *p = (effect_param_t *)pCmdData;
1441

  
1442
            if (pCmdData == NULL || cmdSize < sizeof(effect_param_t) ||
1443
                    cmdSize < (sizeof(effect_param_t) + p->psize) ||
1444
                    pReplyData == NULL || replySize == NULL ||
1445
                    *replySize < (sizeof(effect_param_t) + p->psize)){
1442 1446
                ALOGV("PreProcessingFx_Command cmdCode Case: "
1443 1447
                        "EFFECT_CMD_GET_PARAM: ERROR");
1444 1448
                return -EINVAL;
1445 1449
            }
1446
            effect_param_t *p = (effect_param_t *)pCmdData;
1447 1450

  
1448 1451
            memcpy(pReplyData, pCmdData, sizeof(effect_param_t) + p->psize);
1449 1452

  
......
1461 1464

  
1462 1465
        case EFFECT_CMD_SET_PARAM:{
1463 1466
            if (pCmdData == NULL||
1464
                    cmdSize < (int)sizeof(effect_param_t) ||
1465
                    pReplyData == NULL ||
1467
                    cmdSize < sizeof(effect_param_t) ||
1468
                    pReplyData == NULL || replySize == NULL ||
1466 1469
                    *replySize != sizeof(int32_t)){
1467 1470
                ALOGV("PreProcessingFx_Command cmdCode Case: "
1468 1471
                        "EFFECT_CMD_SET_PARAM: ERROR");
......
1483 1486
        } break;
1484 1487

  
1485 1488
        case EFFECT_CMD_ENABLE:
1486
            if (pReplyData == NULL || *replySize != sizeof(int)){
1489
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)){
1487 1490
                ALOGV("PreProcessingFx_Command cmdCode Case: EFFECT_CMD_ENABLE: ERROR");
1488 1491
                return -EINVAL;
1489 1492
            }
......
1491 1494
            break;
1492 1495

  
1493 1496
        case EFFECT_CMD_DISABLE:
1494
            if (pReplyData == NULL || *replySize != sizeof(int)){
1497
            if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)){
1495 1498
                ALOGV("PreProcessingFx_Command cmdCode Case: EFFECT_CMD_DISABLE: ERROR");
1496 1499
                return -EINVAL;
1497 1500
            }
......
1711 1714

  
1712 1715
int PreProcessingFx_ProcessReverse(effect_handle_t     self,
1713 1716
                                   audio_buffer_t    *inBuffer,
1714
                                   audio_buffer_t    *outBuffer)
1717
                                   audio_buffer_t    *outBuffer __unused)
1715 1718
{
1716 1719
    preproc_effect_t * effect = (preproc_effect_t *)self;
1717 1720
    int    status = 0;
media/libeffects/visualizer/EffectVisualizer.cpp
367 367

  
368 368
    switch (cmdCode) {
369 369
    case EFFECT_CMD_INIT:
370
        if (pReplyData == NULL || *replySize != sizeof(int)) {
370
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
371 371
            return -EINVAL;
372 372
        }
373 373
        *(int *) pReplyData = Visualizer_init(pContext);
374 374
        break;
375 375
    case EFFECT_CMD_SET_CONFIG:
376 376
        if (pCmdData == NULL || cmdSize != sizeof(effect_config_t)
377
                || pReplyData == NULL || *replySize != sizeof(int)) {
377
                || pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
378 378
            return -EINVAL;
379 379
        }
380 380
        *(int *) pReplyData = Visualizer_setConfig(pContext,
381 381
                (effect_config_t *) pCmdData);
382 382
        break;
383 383
    case EFFECT_CMD_GET_CONFIG:
384
        if (pReplyData == NULL ||
384
        if (pReplyData == NULL || replySize == NULL ||
385 385
            *replySize != sizeof(effect_config_t)) {
386 386
            return -EINVAL;
387 387
        }
......
391 391
        Visualizer_reset(pContext);
392 392
        break;
393 393
    case EFFECT_CMD_ENABLE:
394
        if (pReplyData == NULL || *replySize != sizeof(int)) {
394
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
395 395
            return -EINVAL;
396 396
        }
397 397
        if (pContext->mState != VISUALIZER_STATE_INITIALIZED) {
......
402 402
        *(int *)pReplyData = 0;
403 403
        break;
404 404
    case EFFECT_CMD_DISABLE:
405
        if (pReplyData == NULL || *replySize != sizeof(int)) {
405
        if (pReplyData == NULL || replySize == NULL || *replySize != sizeof(int)) {
406 406
            return -EINVAL;
407 407
        }
408 408
        if (pContext->mState != VISUALIZER_STATE_ACTIVE) {
......
415 415
    case EFFECT_CMD_GET_PARAM: {
416 416
        if (pCmdData == NULL ||
417 417
            cmdSize != (int)(sizeof(effect_param_t) + sizeof(uint32_t)) ||
418
            pReplyData == NULL ||
418
            pReplyData == NULL || replySize == NULL ||
419 419
            *replySize < (int)(sizeof(effect_param_t) + sizeof(uint32_t) + sizeof(uint32_t))) {
420 420
            return -EINVAL;
421 421
        }
......
447 447
    case EFFECT_CMD_SET_PARAM: {
448 448
        if (pCmdData == NULL ||
449 449
            cmdSize != (int)(sizeof(effect_param_t) + sizeof(uint32_t) + sizeof(uint32_t)) ||
450
            pReplyData == NULL || *replySize != sizeof(int32_t)) {
450
            pReplyData == NULL || replySize == NULL || *replySize != sizeof(int32_t)) {
451 451
            return -EINVAL;
452 452
        }
453 453
        *(int32_t *)pReplyData = 0;
......
480 480

  
481 481

  
482 482
    case VISUALIZER_CMD_CAPTURE:
483
        if (pReplyData == NULL || *replySize != pContext->mCaptureSize) {
483
        if (pReplyData == NULL || replySize == NULL || *replySize != pContext->mCaptureSize) {
484 484
            ALOGV("VISUALIZER_CMD_CAPTURE() error *replySize %d pContext->mCaptureSize %d",
485 485
                    *replySize, pContext->mCaptureSize);
486 486
            return -EINVAL;
    (1-1/1)