Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e7e87a3 authored by Jeff Tinker's avatar Jeff Tinker
Browse files

DO NOT MERGE Fix vulnerability in mediaserver 

ICrypto.cpp: ASLR bypass using DECRYPT IPC

bug: 24074485
Change-Id: Ia12942d6b86adde28745908d36a728ab5d69a037
parent f3eb8268

media/libmedia/ICrypto.cpp

+2 −0
Original line number Diff line number Diff line
@@ -236,6 +236,7 @@ status_t BnCrypto::onTransact( 


            size_t totalSize = data.readInt32();

            void *srcData = malloc(totalSize);

            memset(srcData, 0, totalSize);

            data.read(srcData, totalSize);



            int32_t numSubSamples = data.readInt32();
@@ -252,6 +253,7 @@ status_t BnCrypto::onTransact( 
                secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));

            } else {

                dstPtr = malloc(totalSize);

                memset(dstPtr, 0, totalSize);

            }



            AString errorDetailMsg;