[DO NOT MERGE] Fix out of bounds buffer error in CreateCoreLicenseResponse() am: 0890df5b16

Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/18687130

Change-Id: I1e8539f39b2b60562f0bb688ae91380ac2bc1e69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

libwvdrmengine/oemcrypto/odk/src/core_message_serialize.cpp

@@ -13,6 +13,7 @@
 #include "odk_serialize.h"
 #include "odk_structs.h"
 #include "odk_structs_priv.h"
+#include "odk_target.h"
 #include "serialization_base.h"
 
 namespace oemcrypto_core_message {
@@ -122,6 +123,9 @@ bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
                             license_response)) {
     return false;
   }
+  if (ODK_MAX_NUM_KEYS < license_response.parsed_license->key_array_length) {
+    return false;
+  }
   if (license_response.request.core_message.nonce_values.api_major_version ==
       16) {
     ODK_LicenseResponseV16 license_response_v16;
@@ -143,7 +147,8 @@ bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
     license_response_v16.parsed_license.key_array_length =
         license_response.parsed_license->key_array_length;
     uint32_t i;
-    for (i = 0; i < license_response_v16.parsed_license.key_array_length; i++) {
+    for (i = 0; i < license_response_v16.parsed_license.key_array_length &&
+                i < license_response.parsed_license->key_array_length; i++) {
       license_response_v16.parsed_license.key_array[i] =
           license_response.parsed_license->key_array[i];
     }