widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential decrypt src pointer overflow. am: c3a24e6c86 am: 25f89c373c

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/13421305

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie5c32617a1ebbed4805aa0a048a2ab92ff958c11
This commit is contained in:
Edwin Wong
2021-02-03 00:35:53 +00:00
committed by Automerger Merge Worker
parent da09f4abca 25f89c373c
commit 15ba854123
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
View File

@@ -199,7 +199,11 @@ Return<void> WVCryptoPlugin::decrypt_1_2(
return Void();
}
if (source.offset + offset + source.size > sourceBase->getSize()) {
size_t totalSrcSize = 0;
if (__builtin_add_overflow(source.offset, offset, &totalSrcSize) ||
__builtin_add_overflow(totalSrcSize, source.size, &totalSrcSize) ||
totalSrcSize > sourceBase->getSize()) {
android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}