diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index cc844504..c382e18a 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -2358,7 +2358,7 @@ size_t CryptoSession::GenericEncryptionBlockSize( OEMCryptoResult CryptoSession::CopyBufferInChunks( const CdmDecryptionParameters& params, - OEMCrypto_DestBufferDesc buffer_descriptor) { + OEMCrypto_DestBufferDesc full_buffer_descriptor) { size_t remaining_encrypt_length = params.encrypt_length; uint8_t subsample_flags = OEMCrypto_FirstSubsample; @@ -2374,19 +2374,18 @@ OEMCryptoResult CryptoSession::CopyBufferInChunks( // calculating the new values. remaining_encrypt_length -= chunk_size; - // Update the destination buffer with the new offset. + // Update the destination buffer with the new offset. Because OEMCrypto + // can modify the OEMCrypto_DestBufferDesc during the call to + // OEMCrypto_CopyBuffer, (and is known to do so on some platforms) a new + // OEMCrypto_DestBufferDesc must be allocated for each call. + OEMCrypto_DestBufferDesc buffer_descriptor = full_buffer_descriptor; switch (buffer_descriptor.type) { case OEMCrypto_BufferType_Clear: - buffer_descriptor.buffer.clear.address = - static_cast(params.decrypt_buffer) + - params.decrypt_buffer_offset + additional_offset; - buffer_descriptor.buffer.clear.max_length = - params.decrypt_buffer_length - - (params.decrypt_buffer_offset + additional_offset); + buffer_descriptor.buffer.clear.address += additional_offset; + buffer_descriptor.buffer.clear.max_length -= additional_offset; break; case OEMCrypto_BufferType_Secure: - buffer_descriptor.buffer.secure.offset = - params.decrypt_buffer_offset + additional_offset; + buffer_descriptor.buffer.secure.offset += additional_offset; break; case OEMCrypto_BufferType_Direct: // OEMCrypto_BufferType_Direct does not need modification.