Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0ef6e5e6 authored by Edwin Wong's avatar Edwin Wong Committed by Automerger Merge Worker
Browse files

Merge "Fix potential decrypt destPtr overflow." into rvc-dev am: 5b3fc840

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/av/+/13467358

Change-Id: If6f6cc6798f4cdcd59b65442f98eedf0607c61c1
parents 56af5904 5b3fc840
Loading
Loading
Loading
Loading
+5 −3
Original line number Diff line number Diff line
@@ -142,13 +142,15 @@ Return<void> CryptoPlugin::decrypt_1_2(

    base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));

    if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
    totalSize = 0;
    if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) ||
        totalSize > destBase->getSize()) {
        android_errorWriteLog(0x534e4554, "176444622");
        _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");
        return Void();
    }
    destPtr = static_cast<void*>(base + destination.nonsecureMemory.offset);


    // Calculate the output buffer size and determine if any subsamples are
    // encrypted.
    size_t destSize = 0;