diff --git a/audio/effect/config/src/parse_effect_config.c b/audio/effect/config/src/parse_effect_config.c index e6990dad3275a4511365221823ed57fd4b0874d1..b561bfa100f60d8b220d8c59cf4113b444466fc0 100644 --- a/audio/effect/config/src/parse_effect_config.c +++ b/audio/effect/config/src/parse_effect_config.c @@ -234,7 +234,7 @@ static int32_t AudioEffectGetEffectCfgDescs(cJSON *cJsonObj, const char *item, s } effectNum = (uint32_t)cJSON_GetArraySize(effectsObj); - if (effectNum == 0) { + if (effectNum == 0 || effectNum > HDF_EFFECT_NUM_MAX) { HDF_LOGE("%{public}s: effectNum invalid, effectNum = %{public}d!", __func__, effectNum); return HDF_FAILURE; } @@ -321,7 +321,7 @@ static int32_t AudioEffectGetLibraryCfgDescs(cJSON *cJsonObj, const char *item, } libNum = (uint32_t)cJSON_GetArraySize(libsObj); - if (libNum == 0) { + if (libNum == 0 || libNum > HDF_EFFECT_NUM_MAX) { HDF_LOGE("%{public}s: libNum invalid, libNum = %{public}d!", __func__, libNum); return HDF_FAILURE; } diff --git a/audio/hal/pathselect/src/audio_pathselect.c b/audio/hal/pathselect/src/audio_pathselect.c index 4fc12160432a819dc4d0592c1df94a7539b4aa8d..027fd4802a987b799aa00b3a868e98b665561f69 100644 --- a/audio/hal/pathselect/src/audio_pathselect.c +++ b/audio/hal/pathselect/src/audio_pathselect.c @@ -40,6 +40,8 @@ #define AUDIO_DEV_ON 1 #define AUDIO_DEV_OFF 0 +#define HDF_PATH_NUM_MAX 32 + static cJSON *g_cJsonObj = NULL; int32_t AudioPathSelGetConfToJsonObj(void) @@ -142,8 +144,8 @@ static int32_t SetRenderPathDefaultValue(cJSON *renderSwObj, struct AudioHwRende renderDevNum = renderParam->renderMode.hwInfo.pathSelect.deviceInfo.deviceNum; int32_t renderPathNum = cJSON_GetArraySize(renderSwObj); - if (renderPathNum < 0) { - AUDIO_FUNC_LOGE("renderPathNum is less than zero!"); + if (renderPathNum < 0 || renderPathNum > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("renderPathNum is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < renderPathNum; i++) { @@ -183,8 +185,8 @@ static int32_t SetCapturePathDefaultValue(cJSON *captureSwObj, struct AudioHwCap int32_t devNum = captureParam->captureMode.hwInfo.pathSelect.deviceInfo.deviceNum; int32_t pathNum = cJSON_GetArraySize(captureSwObj); - if (pathNum < 0) { - AUDIO_FUNC_LOGE("pathNum is less than zero!"); + if (pathNum < 0 || pathNum > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("pathNum is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < pathNum; i++) { @@ -232,8 +234,8 @@ static int32_t SetRenderPathValue( /* pins = 0, parse default value */ if (strcasecmp(renderDeviceType, renderObj->string) == 0) { int32_t pathNum = cJSON_GetArraySize(renderObj); - if (pathNum < 0) { - AUDIO_FUNC_LOGE("pathNum is less than zero!"); + if (pathNum < 0 || pathNum > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("pathNum is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < pathNum; i++) { @@ -412,8 +414,8 @@ static int32_t AudioRenderParseUsecase(struct AudioHwRenderParam *renderParam, c } int32_t len = cJSON_GetArraySize(useCaseList); - if (len < 0) { - AUDIO_FUNC_LOGE("len is less than zero!"); + if (len < 0 || len > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("len is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < len; i++) { @@ -457,8 +459,8 @@ static int32_t SetCapturePathValue( int32_t devNum = captureParam->captureMode.hwInfo.pathSelect.deviceInfo.deviceNum; if (strcasecmp(captureDeviceType, captureSwitchObj->string) == 0) { int32_t pathNum = cJSON_GetArraySize(captureSwitchObj); - if (pathNum < 0) { - AUDIO_FUNC_LOGE("pathNum is less than zero!"); + if (pathNum < 0 || pathNum > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("pathNum is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < pathNum; i++) { @@ -642,8 +644,8 @@ static int32_t AudioCaptureParseUsecase(struct AudioHwCaptureParam *captureParam } int32_t len = cJSON_GetArraySize(useCaseList); - if (len < 0) { - AUDIO_FUNC_LOGE("len is less than zero!"); + if (len < 0 || len > HDF_PATH_NUM_MAX) { + AUDIO_FUNC_LOGE("len is invalid!"); return HDF_FAILURE; } for (int32_t i = 0; i < len; i++) { diff --git a/audio/hdi_service/primary_impl/vdi_src/audio_capture_vdi.c b/audio/hdi_service/primary_impl/vdi_src/audio_capture_vdi.c index 10e8bb802ff50b9447973c55e2892a57914027b3..620b3e3054ad89bd45b6e85cd44e94737ae92f6b 100644 --- a/audio/hdi_service/primary_impl/vdi_src/audio_capture_vdi.c +++ b/audio/hdi_service/primary_impl/vdi_src/audio_capture_vdi.c @@ -798,7 +798,6 @@ struct IAudioCapture *FindCaptureCreated(enum AudioPortPin pin, const struct Aud static uint32_t GetAvailableCaptureId(struct AudioCapturePrivVdi *capturePriv) { uint32_t captureId = AUDIO_VDI_STREAM_NUM_MAX; - uint32_t index = 0; if (capturePriv == NULL) { AUDIO_FUNC_LOGE("Parameter error!"); return captureId; @@ -808,7 +807,7 @@ static uint32_t GetAvailableCaptureId(struct AudioCapturePrivVdi *capturePriv) captureId = capturePriv->captureCnt; capturePriv->captureCnt++; } else { - for (index = 0; index < AUDIO_VDI_STREAM_NUM_MAX; index++) { + for (uint32_t index = 0; index < AUDIO_VDI_STREAM_NUM_MAX; index++) { if (capturePriv->captureInfos[index] == NULL) { captureId = index; break; diff --git a/audio/hdi_service/primary_impl/vdi_src/audio_manager_vdi.c b/audio/hdi_service/primary_impl/vdi_src/audio_manager_vdi.c index 10323992926219d45a245ebd7abdeae51a8cc5e7..50b6217cf6d9b7a7a72d8a686ef7fc035e236e20 100644 --- a/audio/hdi_service/primary_impl/vdi_src/audio_manager_vdi.c +++ b/audio/hdi_service/primary_impl/vdi_src/audio_manager_vdi.c @@ -179,7 +179,7 @@ static int32_t AudioManagerDescToVdiDesc(const struct AudioAdapterDescriptor *de static int32_t AudioManagerVdiDescsToDescs(struct AudioAdapterDescriptorVdi *vdiDescs, uint32_t vdiDescsCount, struct AudioAdapterDescriptor *descs, uint32_t *descsCount) { - if (vdiDescsCount <= 0 || vdiDescsCount > AUDIO_VDI_ADAPTER_NUM_MAX) { + if (vdiDescsCount == 0 || vdiDescsCount > AUDIO_VDI_ADAPTER_NUM_MAX) { AUDIO_FUNC_LOGE("audio vdiDescsCount=%{public}d is error", vdiDescsCount); return HDF_ERR_NOT_SUPPORT; } diff --git a/audio/hdi_service/primary_impl/vdi_src/audio_render_vdi.c b/audio/hdi_service/primary_impl/vdi_src/audio_render_vdi.c index de7b032dd0c81128a3b3c54e801ba7fa49540cc2..7165b1cf7748219b2dfcaaaa20002cd5fc3ac689 100644 --- a/audio/hdi_service/primary_impl/vdi_src/audio_render_vdi.c +++ b/audio/hdi_service/primary_impl/vdi_src/audio_render_vdi.c @@ -875,7 +875,6 @@ struct IAudioRender *FindRenderCreated(enum AudioPortPin pin, const struct Audio static uint32_t GetAvailableRenderId(struct AudioRenderPrivVdi *renderPriv) { uint32_t renderId = AUDIO_VDI_STREAM_NUM_MAX; - uint32_t index = 0; if (renderPriv == NULL) { AUDIO_FUNC_LOGE("Parameter error!"); return renderId; @@ -885,7 +884,7 @@ static uint32_t GetAvailableRenderId(struct AudioRenderPrivVdi *renderPriv) renderId = renderPriv->renderCnt; renderPriv->renderCnt++; } else { - for (index = 0; index < AUDIO_VDI_STREAM_NUM_MAX; index++) { + for (uint32_t index = 0; index < AUDIO_VDI_STREAM_NUM_MAX; index++) { if (renderPriv->renderInfos[index] == NULL) { renderId = index; break;