widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix potential decrypt src pointer overflow. am: c3a24e6c86 am: 25f89c373c am: 15ba854123 am: 0126cc541f

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/13421305

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I1644e541f8f21e85f58b600880537da9bd7d9301
This commit is contained in:
Edwin Wong
2021-02-03 01:33:24 +00:00
committed by Automerger Merge Worker
parent dd140c463c 0126cc541f
commit cd37425acb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp
View File

@@ -199,7 +199,11 @@ Return<void> WVCryptoPlugin::decrypt_1_2(
return Void();
}
if (source.offset + offset + source.size > sourceBase->getSize()) {
size_t totalSrcSize = 0;
if (__builtin_add_overflow(source.offset, offset, &totalSrcSize) ||
__builtin_add_overflow(totalSrcSize, source.size, &totalSrcSize) ||
totalSrcSize > sourceBase->getSize()) {
android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}