Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0ef6e5e6 authored by Edwin Wong's avatar Edwin Wong Committed by Automerger Merge Worker
Browse files

Merge "Fix potential decrypt destPtr overflow." into rvc-dev am: 5b3fc840 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/av/+/13467358

Change-Id: If6f6cc6798f4cdcd59b65442f98eedf0607c61c1
parents 56af5904 5b3fc840

drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp

+5 −3
Original line number Diff line number Diff line
@@ -142,13 +142,15 @@ Return<void> CryptoPlugin::decrypt_1_2( 


    base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));



    if (destBuffer.offset + destBuffer.size > destBase->getSize()) {

    totalSize = 0;

    if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) ||

        totalSize > destBase->getSize()) {

        android_errorWriteLog(0x534e4554, "176444622");

        _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");

        return Void();

    }

    destPtr = static_cast<void*>(base + destination.nonsecureMemory.offset);





    // Calculate the output buffer size and determine if any subsamples are

    // encrypted.

    size_t destSize = 0;