Merge "Revert "[RESTRICT AUTOMERGE] Fix WVCryptoPlugin use after free vulnerability."" into pi-dev
This commit is contained in:
TreeHugger Robot
committed by
Android (Google) Code Review
Android (Google) Code Review
commit
28016986f5
@@ -69,8 +69,6 @@ LOCAL_SHARED_LIBRARIES := \
|
||||
libhidlmemory \
|
||||
liblog
|
||||
|
||||
LOCAL_CFLAGS := -Wthread-safety
|
||||
|
||||
LOCAL_MODULE := libwvdrmcryptoplugin_hidl
|
||||
LOCAL_PROPRIETARY_MODULE := true
|
||||
|
||||
|
||||
@@ -10,8 +10,6 @@
|
||||
#include <android/hardware/drm/1.0/ICryptoPlugin.h>
|
||||
#include <android/hidl/memory/1.0/IMemory.h>
|
||||
|
||||
#include <mutex>
|
||||
|
||||
#include "wv_content_decryption_module.h"
|
||||
#include "WVTypes.h"
|
||||
|
||||
@@ -62,13 +60,13 @@ struct WVCryptoPlugin : public ICryptoPlugin {
|
||||
const SharedBuffer& source,
|
||||
uint64_t offset,
|
||||
const DestinationBuffer& destination,
|
||||
decrypt_cb _hidl_cb) override NO_THREAD_SAFETY_ANALYSIS; // use unique_lock
|
||||
decrypt_cb _hidl_cb) override;
|
||||
|
||||
private:
|
||||
WVDRM_DISALLOW_COPY_AND_ASSIGN_AND_NEW(WVCryptoPlugin);
|
||||
|
||||
wvcdm::CdmSessionId mSessionId;
|
||||
std::map<uint32_t, sp<IMemory> > mSharedBufferMap GUARDED_BY(mSharedBufferLock);
|
||||
std::map<uint32_t, sp<IMemory> > mSharedBufferMap;
|
||||
|
||||
sp<wvcdm::WvContentDecryptionModule> const mCDM;
|
||||
|
||||
@@ -78,8 +76,6 @@ struct WVCryptoPlugin : public ICryptoPlugin {
|
||||
static wvcdm::CdmResponseType countEncryptedBlocksInPatternedRange(
|
||||
size_t range, const Pattern& pattern, uint64_t* result);
|
||||
static void incrementIV(uint64_t increaseBy, std::vector<uint8_t>* ivPtr);
|
||||
|
||||
std::mutex mSharedBufferLock;
|
||||
};
|
||||
|
||||
} // namespace widevine
|
||||
|
||||
@@ -100,8 +100,6 @@ Return<void> WVCryptoPlugin::setSharedBufferBase(
|
||||
sp<IMemory> hidlMemory = mapMemory(base);
|
||||
ALOGE_IF(hidlMemory == nullptr, "mapMemory returns nullptr");
|
||||
|
||||
std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock);
|
||||
|
||||
// allow mapMemory to return nullptr
|
||||
mSharedBufferMap[bufferId] = hidlMemory;
|
||||
return Void();
|
||||
@@ -118,7 +116,7 @@ Return<void> WVCryptoPlugin::decrypt(
|
||||
uint64_t offset,
|
||||
const DestinationBuffer& destination,
|
||||
decrypt_cb _hidl_cb) {
|
||||
std::unique_lock<std::mutex> lock(mSharedBufferLock);
|
||||
|
||||
if (mSharedBufferMap.find(source.bufferId) == mSharedBufferMap.end()) {
|
||||
_hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0,
|
||||
"source decrypt buffer base not set");
|
||||
@@ -189,9 +187,6 @@ Return<void> WVCryptoPlugin::decrypt(
|
||||
destPtr = static_cast<void *>(handle);
|
||||
}
|
||||
|
||||
// release mSharedBufferLock
|
||||
lock.unlock();
|
||||
|
||||
// Calculate the output buffer size and determine if any subsamples are
|
||||
// encrypted.
|
||||
size_t destSize = 0;
|
||||
|
||||
Reference in New Issue
Block a user