From 3fd87605288d6d8e5abebadbddfa6071387fecdd Mon Sep 17 00:00:00 2001
From: Jeff Tinker <jtinker@google.com>
Date: Wed, 16 Sep 2015 13:21:51 -0700
Subject: DO NOT MERGE Fix vulnerability in mediaserver

ICrypto.cpp: ASLR bypass using DECRYPT IPC

bug: 24074485
Change-Id: I61cd77f0894140547f666a80526ebfe1ec3d2db6
---
 media/libmedia/ICrypto.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'media/libmedia')

diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 9703b0d..a398ff7 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp
@@ -297,7 +297,7 @@ status_t BnCrypto::onTransact(
             if (secure) {
                 secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));
             } else {
-                dstPtr = malloc(totalSize);
+                dstPtr = calloc(1, totalSize);
             }
 
             AString errorDetailMsg;
-- 
cgit v1.1