author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2021-05-15 20:38:55 +0300 |
---|---|---|
committer | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2021-05-18 14:45:29 +0300 |
commit | 2a103ba17ef2984dd59a31c1138414c4e0177cb0 (patch) | |
tree | 137185d7034cf25d88156626b9c33c30df856706 /src/android/camera_metadata.cpp | |
parent | d189248302340909407f40a880af8a181dfd6203 (diff) |
android: camera_metadata: Add type sanity check to updateEntry()

The CameraMetadata::updateEntry() functions cast the data pointer to a
void pointer, which is then used internally to call
update_camera_metadata_entry(). If the caller passes a pointer to an
incorrect data type, the behaviour is undefined, with possible crashes
if the incorrect data type is smaller than expected by the Android
metadata library.

To avoid crashes, make all public updateEntry() functions take typed
pointers, and pass the element size to the internal function. The
element size is then checked against the expected size, and an error
message logged if they don't match. This won't catch incorrect data
types that have the same size as the correct type, but will at least
avoid potential crashes.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Hirokazu Honda <hiroh@chromium.org>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Paul Elder <paul.elder@ideasonboard.com>
Tested-by: Paul Elder <paul.elder@ideasonboard.com>
Diffstat (limited to 'src/android/camera_metadata.cpp')
-rw-r--r-- | src/android/camera_metadata.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/android/camera_metadata.cpp b/src/android/camera_metadata.cpp index 59366c50..ebe43ba4 100644 --- a/src/android/camera_metadata.cpp +++ b/src/android/camera_metadata.cpp @@ -137,7 +137,8 @@ bool CameraMetadata::addEntry(uint32_t tag, const void *data, size_t count, return false; } -bool CameraMetadata::updateEntry(uint32_t tag, const void *data, size_t count) +bool CameraMetadata::updateEntry(uint32_t tag, const void *data, size_t count, + size_t elementSize) { if (!valid_) return false; @@ -152,6 +153,14 @@ bool CameraMetadata::updateEntry(uint32_t tag, const void *data, size_t count) return false; } + if (camera_metadata_type_size[entry.type] != elementSize) { + const char *name = get_camera_metadata_tag_name(tag); + LOG(CameraMetadata, Fatal) + << "Invalid element size for tag " + << (name ? name : "<unknown>"); + return false; + } + size_t oldSize = calculate_camera_metadata_entry_data_size(entry.type, entry.count); |
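Review bot: In the first hunk (the updateEntry() signature), the new `elementSize` parameter sits directly after `count` and both are `size_t`, so a caller that swaps the two arguments still compiles and is only caught by the size check when the values happen to differ. Please document at the declaration that `elementSize` is the size in bytes of a single element, and, since the commit message calls this the internal function behind typed public wrappers, make sure this `const void *` overload is not reachable from outside the class (private, if it is not already).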
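Review bot: In the second hunk (the new size check), the log message names only the tag, so a reader of the log cannot tell which size was passed or which one was expected; please add `elementSize` and `camera_metadata_type_size[entry.type]` to the message. The check is also logged at `Fatal` severity and then followed by `return false`, while the commit message describes an error message being logged in order to avoid crashes; please confirm `Fatal` is the intended level, and use `Error` if the function is meant to return to the caller in every build.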