diff options
author | Jeff Tinker <jtinker@google.com> | 2015-12-09 16:43:07 -0800 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2015-12-09 16:43:07 -0800 |
commit | 007064a8caae76cc17e883ece4c9f361cb6a7429 (patch) | |
tree | 324fd5e36325198bc58058e842c194d2a3f1f873 /media | |
parent | eb030dc3656e57a5386902dc955bb5a24c8a2404 (diff) | |
parent | 3f05f30117c9ad8a0956f31431ddd5fbc07fbd99 (diff) | |
download | frameworks_av-007064a8caae76cc17e883ece4c9f361cb6a7429.zip frameworks_av-007064a8caae76cc17e883ece4c9f361cb6a7429.tar.gz frameworks_av-007064a8caae76cc17e883ece4c9f361cb6a7429.tar.bz2 |
Merge "Fix security vulnerability in ICrypto DO NOT MERGE" into mnc-dev am: 89bec04cf8 am: f797a48b4c
am: 3f05f30117
* commit '3f05f30117c9ad8a0956f31431ddd5fbc07fbd99':
Fix security vulnerability in ICrypto DO NOT MERGE
Diffstat (limited to 'media')
-rw-r--r-- | media/libmedia/ICrypto.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp index a398ff7..22f8af7 100644 --- a/media/libmedia/ICrypto.cpp +++ b/media/libmedia/ICrypto.cpp @@ -321,7 +321,9 @@ status_t BnCrypto::onTransact( if (overflow || sumSubsampleSizes != totalSize) { result = -EINVAL; - } else if (offset + totalSize > sharedBuffer->size()) { + } else if (totalSize > sharedBuffer->size()) { + result = -EINVAL; + } else if ((size_t)offset > sharedBuffer->size() - totalSize) { result = -EINVAL; } else { result = decrypt( |