Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c732dd92 authored by Edwin Wong's avatar Edwin Wong Committed by Automerger Merge Worker
Browse files

Fix potential decrypt src pointer overflow. am: 9bae1251 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/av/+/13420866

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I38fecb53d053c0b3255be5bb345b9a496df38b95
parents 2bccb468 9bae1251

drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp

+5 −1
Original line number Diff line number Diff line
@@ -119,7 +119,11 @@ Return<void> CryptoPlugin::decrypt_1_2( 
        return Void();

    }



    if (source.offset + offset + source.size > sourceBase->getSize()) {

    size_t totalSize = 0;

    if (__builtin_add_overflow(source.offset, offset, &totalSize) ||

        __builtin_add_overflow(totalSize, source.size, &totalSize) ||

        totalSize > sourceBase->getSize()) {

        android_errorWriteLog(0x534e4554, "176496160");

        _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");

        return Void();

    }