frameworks/av
| Révision | 7f0714951555cf92df2fa3c85a0250be048948cb (tree) |
|---|---|
| l'heure | 2020-02-07 08:18:05 |
| Auteur | Edwin Wong <edwinwong@goog...> |
| Commiter | Anis Assi |
[DO NOT MERGE] Fix heap buffer overflow in clearkey CryptoPlugin::decrypt
Fix destPtr was not pointing to destination raw pointer.
bug: 144506242
Test: sts
Change-Id: I9425baa21c82d5a5edf37c87989adbade0428b67
(cherry picked from commit dc4c427b2155a9928a7cdaac7c0a787dd9c8192d)
| @@ -106,6 +106,8 @@ Return<void> CryptoPlugin::decrypt( | ||
| 106 | 106 | return Void(); |
| 107 | 107 | } |
| 108 | 108 | |
| 109 | + base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer())); | |
| 110 | + | |
| 109 | 111 | if (destBuffer.offset + destBuffer.size > destBase->getSize()) { |
| 110 | 112 | _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size"); |
| 111 | 113 | return Void(); |
Fork
drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp