widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix oemcrypto_decrypt_cenc_fuzz null reference

Browse Source 
[ Merge of http://go/wvgerrit/153669 ]

The oemcrypto_decrypt_cenc_fuzz fuzz test found a null reference error.
This adds a check to ensure that the input_buffer vector used for the
sample descriptions is not empty before attempting to access it.

Bug: 192310854
Bug: 236317198
Change-Id: If3909b01d3bc19434bbd5b6b77e7cd76182b2bdf
This commit is contained in:
Alex Dale
2022-08-01 15:22:18 -07:00
parent 490696322f
commit e3697c6595
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc
View File

@@ -151,8 +151,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
vector<OEMCrypto_SharedMemory> input_buffer(total_input_data_length);
size_t input_buffer_index = 0;
for (size_t i = 0; i < samples_length; i++) {
sample_descriptions[i].buffers.input_data =
&input_buffer[input_buffer_index];
if (total_input_data_length > 0) {
sample_descriptions[i].buffers.input_data =
&input_buffer[input_buffer_index];
}
input_buffer_index += std::min(
MAX_FUZZ_SAMPLE_SIZE, sample_descriptions[i].buffers.input_data_length);
@@ -163,7 +165,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
sample_descriptions[i].buffers.output_descriptor, i,
secure_fd_array)) {
LOGI(
"[OEMCrypto decrypt CENC fuzz] Secure buffers are not supported. Use "
"[OEMCrypto decrypt CENC fuzz] Secure buffers are not supported. "
"Use "
"clear buffer instead.");
sample_descriptions[i].buffers.output_descriptor.type =
OEMCrypto_BufferType_Clear;