Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c5f312b8 authored by Edwin Wong's avatar Edwin Wong Committed by Automerger Merge Worker
Browse files

Fix potential decrypt src pointer overflow. am: c14f2628 am: 107233b3 am:... 

Fix potential decrypt src pointer overflow. am: c14f2628 am: 107233b3 am: e289b4aa am: 92d4d99b

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/13472562

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I726f9314c913abc14f267cd57a9b80e5542b0950
parents 7f6f8f52 92d4d99b

drm/1.0/default/CryptoPlugin.cpp

+5 −1
Original line number Diff line number Diff line
@@ -124,7 +124,11 @@ namespace implementation { 
            return Void();

        }



        if (source.offset + offset + source.size > sourceBase->getSize()) {

        size_t totalSize = 0;

        if (__builtin_add_overflow(source.offset, offset, &totalSize) ||

            __builtin_add_overflow(totalSize, source.size, &totalSize) ||

            totalSize > sourceBase->getSize()) {

            android_errorWriteLog(0x534e4554, "176496160");

            _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");

            return Void();

        }