summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Tinker <jtinker@google.com>2015-09-21 18:57:36 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-09-21 18:57:36 +0000
commit0af5008096c9562f63808e37a60e5df150137526 (patch)
tree700f844f74c0005e7189792d38e95f41ef7e06b0
parent24328843b09dbc5afe69e0834b5c72b277c0f8e6 (diff)
parent8ba28c840589bcc7fa4dfcb26606748a0c0b7eb5 (diff)
downloadframeworks_av-0af5008096c9562f63808e37a60e5df150137526.zip
frameworks_av-0af5008096c9562f63808e37a60e5df150137526.tar.gz
frameworks_av-0af5008096c9562f63808e37a60e5df150137526.tar.bz2
am 8ba28c84: am d61dbb36: am 38281f1c: am d386c5be: Merge "Fix heap data leak vulnerability" into klp-dev
* commit '8ba28c840589bcc7fa4dfcb26606748a0c0b7eb5': Fix heap data leak vulnerability
-rw-r--r--drm/common/IDrmManagerService.cpp16
1 files changed, 10 insertions, 6 deletions
diff --git a/drm/common/IDrmManagerService.cpp b/drm/common/IDrmManagerService.cpp
index db41e0b..c235201 100644
--- a/drm/common/IDrmManagerService.cpp
+++ b/drm/common/IDrmManagerService.cpp
@@ -741,9 +741,11 @@ status_t BpDrmManagerService::decrypt(
const status_t status = reply.readInt32();
ALOGV("Return value of decrypt() is %d", status);
- const int size = reply.readInt32();
- (*decBuffer)->length = size;
- reply.read((void *)(*decBuffer)->data, size);
+ if (status == NO_ERROR) {
+ const int size = reply.readInt32();
+ (*decBuffer)->length = size;
+ reply.read((void *)(*decBuffer)->data, size);
+ }
return status;
}
@@ -1438,9 +1440,11 @@ status_t BnDrmManagerService::onTransact(
reply->writeInt32(status);
- const int size = decBuffer->length;
- reply->writeInt32(size);
- reply->write(decBuffer->data, size);
+ if (status == NO_ERROR) {
+ const int size = decBuffer->length;
+ reply->writeInt32(size);
+ reply->write(decBuffer->data, size);
+ }
clearDecryptHandle(&handle);
delete encBuffer; encBuffer = NULL;