widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential decrypt src pointer overflow. am: c3a24e6c86 am: 25f89c373c am: 15ba854123 am: 0126cc541f am: cd37425acb

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/13421305

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ia0171ddb362a84d8b08c9a429e40adab4baf1b8c
This commit is contained in:
Edwin Wong
2021-02-03 02:19:51 +00:00
committed by Automerger Merge Worker
parent f225e9876e cd37425acb
commit 2b094e710e
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
View File

@@ -199,7 +199,11 @@ Return<void> WVCryptoPlugin::decrypt_1_2(
return Void();
}
if (source.offset + offset + source.size > sourceBase->getSize()) {
size_t totalSrcSize = 0;
if (__builtin_add_overflow(source.offset, offset, &totalSrcSize) ||
__builtin_add_overflow(totalSrcSize, source.size, &totalSrcSize) ||
totalSrcSize > sourceBase->getSize()) {
android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}