Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 38d27e7b authored by Edwin Wong's avatar Edwin Wong
Browse files

Fix heap buffer overflow for releaseSecureStops. 

If the input SecureStopRelease size is less than sizeof(uint32_t)
in releaseSecureStops(), an out of bound read will occur.

bug: 144766455
bug: 144746235
bug: 147281068

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_11#testPocBug_144766455

Change-Id: I8c89797869addf83342a4f32e17bce0515713119
parent f9cd09f6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment