Fix potential decrypt src pointer overflow. am: c14f262876 am: 107233b3dd am: e289b4aa83 am: 92d4d99b98

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/13472562

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I726f9314c913abc14f267cd57a9b80e5542b0950
This commit is contained in:
Edwin Wong 2021-02-04 01:09:29 +00:00 committed by Automerger Merge Worker
commit c5f312b883

View file

@ -124,7 +124,11 @@ namespace implementation {
return Void();
}
if (source.offset + offset + source.size > sourceBase->getSize()) {
size_t totalSize = 0;
if (__builtin_add_overflow(source.offset, offset, &totalSize) ||
__builtin_add_overflow(totalSize, source.size, &totalSize) ||
totalSize > sourceBase->getSize()) {
android_errorWriteLog(0x534e4554, "176496160");
_hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
return Void();
}