Merge "Fix potential decrypt destPtr overflow."

2021-02-24 22:14:08 +00:00
parent 2204d5c960 4787c8eec4
commit 49c6d9d548
1 changed files with 4 additions and 1 deletions
--- a/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
+++ b/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
@@ -221,7 +221,10 @@ Return<void> WVCryptoPlugin::decrypt_1_2(
      return Void();
    }

-    if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
+    size_t totalDstSize = 0;
+    if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalDstSize) ||
+        totalDstSize > destBase->getSize()) {
+      android_errorWriteLog(0x534e4554, "176444622");
      _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");
      return Void();
    }