OEMCrypto v16.1

Merge of http://go/wvgerrit/93404

This CL updates the Widevine CDM to support OEMCrypto v16.1

Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b

libwvdrmengine/oemcrypto/odk/src/serialization_base.c

@@ -1,8 +1,6 @@
-/*
- * Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
- * source code may only be used and distributed under the Widevine Master
- * License Agreement.
- */
+/* Copyright 2019 Google LLC. All rights reserved. This file and proprietary */
+/* source code may only be used and distributed under the Widevine Master */
+/* License Agreement. */
 
 #include "serialization_base.h"
 
@@ -117,8 +115,16 @@ void Unpack_OEMCrypto_Substring(Message* msg, OEMCrypto_Substring* obj) {
   Unpack_uint32_t(msg, &offset);
   Unpack_uint32_t(msg, &length);
   if (!ValidMessage(msg)) return;
-  size_t end = 0;
-  if (offset > msg->capacity || odk_add_overflow_ux(offset, length, &end) ||
+  /* Each substring should be contained within the message body, which is in the
+   * total message, just after the core message. The offset of a substring is
+   * relative to the message body. So we need to verify:
+   * 0 < offset and  offset + length < message->capacity - message->size
+   * or offset + length + message->size < message->capacity
+   */
+  size_t substring_end = 0; /* = offset + length; */
+  size_t end = 0;           /* = substring_end + message->size; */
+  if (odk_add_overflow_ux(offset, length, &substring_end) ||
+      odk_add_overflow_ux(substring_end, msg->size, &end) ||
       end > msg->capacity) {
     msg->status = MESSAGE_STATUS_OVERFLOW_ERROR;
     return;
@@ -188,6 +194,7 @@ size_t GetSize(Message* message) {
 
 void SetSize(Message* message, size_t size) {
   if (message == NULL) return;
+  if (size > message->capacity) message->status = MESSAGE_STATUS_OVERFLOW_ERROR;
   message->size = size;
 }