diff options
author | Jeff Tinker <jtinker@google.com> | 2015-12-04 16:29:16 -0800 |
---|---|---|
committer | Jeff Tinker <jtinker@google.com> | 2015-12-05 00:59:12 +0000 |
commit | 22f824feac43d5758f9a70b77f2aca840ba62c3b (patch) | |
tree | ddc4b6ec557aa96a5d54d6a9a48ccb240d118d3e /media/libmedia | |
parent | 6d3f50d9c31544a3cb9ae76c9ac08f92eb83c449 (diff) | |
download | frameworks_av-22f824feac43d5758f9a70b77f2aca840ba62c3b.zip frameworks_av-22f824feac43d5758f9a70b77f2aca840ba62c3b.tar.gz frameworks_av-22f824feac43d5758f9a70b77f2aca840ba62c3b.tar.bz2 |
Fix security vulnerability in ICrypto DO NOT MERGE
b/25800375
Change-Id: I03c9395f7c7de4ac5813a1207452aac57aa39484
Diffstat (limited to 'media/libmedia')
-rw-r--r-- | media/libmedia/ICrypto.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp index a398ff7..22f8af7 100644 --- a/media/libmedia/ICrypto.cpp +++ b/media/libmedia/ICrypto.cpp @@ -321,7 +321,9 @@ status_t BnCrypto::onTransact( if (overflow || sumSubsampleSizes != totalSize) { result = -EINVAL; - } else if (offset + totalSize > sharedBuffer->size()) { + } else if (totalSize > sharedBuffer->size()) { + result = -EINVAL; + } else if ((size_t)offset > sharedBuffer->size() - totalSize) { result = -EINVAL; } else { result = decrypt( |