widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential decrypt src pointer overflow. am: c3a24e6c86

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/13421305

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I243e7a6e4ea799af9759be2ee41f9d9ff7805f0e
This commit is contained in:
Edwin Wong
2021-02-03 00:03:49 +00:00
committed by Automerger Merge Worker
parent 9a530b7f1e c3a24e6c86
commit 25f89c373c
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
View File

@@ -192,7 +192,11 @@ Return<void> WVCryptoPlugin::decrypt_1_2(
return Void();
}
if (source.offset + offset + source.size > sourceBase->getSize()) {
size_t totalSrcSize = 0;
if (__builtin_add_overflow(source.offset, offset, &totalSrcSize) ||
__builtin_add_overflow(totalSrcSize, source.size, &totalSrcSize) ||
totalSrcSize > sourceBase->getSize()) {
android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}