Fix potential decrypt src pointer overflow. am: c14f262876
am: 107233b3dd
am: e289b4aa83
am: 92d4d99b98
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/13472562 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I726f9314c913abc14f267cd57a9b80e5542b0950
This commit is contained in:
commit
c5f312b883
1 changed files with 5 additions and 1 deletions
|
@ -124,7 +124,11 @@ namespace implementation {
|
|||
return Void();
|
||||
}
|
||||
|
||||
if (source.offset + offset + source.size > sourceBase->getSize()) {
|
||||
size_t totalSize = 0;
|
||||
if (__builtin_add_overflow(source.offset, offset, &totalSize) ||
|
||||
__builtin_add_overflow(totalSize, source.size, &totalSize) ||
|
||||
totalSize > sourceBase->getSize()) {
|
||||
android_errorWriteLog(0x534e4554, "176496160");
|
||||
_hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
|
||||
return Void();
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue