frameworks/av
| Revision | bcd4eaae518a8185726fd440fca9e3b6eee6a1ff (tree) |
|---|---|
| Time | 2020-02-12 04:06:52 |
| Author | Edwin Wong <edwinwong@goog...> |
| Commiter | android-build-team Robot |
[DO NOT MERGE] Fix heap buffer overflow in clearkey CryptoPlugin::decrypt
Fix destPtr was not pointing to destination raw pointer.
bug: 144506242
Test: sts
Change-Id: Ia1b8f755daaada2f1411abeb3cb5b832a72b3c82
(cherry picked from commit 8464bfa975afe360bb8e3dd59c036ce4a4995fa8)
| @@ -136,6 +136,8 @@ Return<void> CryptoPlugin::decrypt_1_2( | ||
| 136 | 136 | return Void(); |
| 137 | 137 | } |
| 138 | 138 | |
| 139 | + base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer())); | |
| 140 | + | |
| 139 | 141 | if (destBuffer.offset + destBuffer.size > destBase->getSize()) { |
| 140 | 142 | _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size"); |
| 141 | 143 | return Void(); |
Fork
drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp