diff options
author | Jeff Tinker <jtinker@google.com> | 2015-12-04 16:29:16 -0800 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2015-12-10 16:11:12 -0800 |
commit | 7b461b52966265b7b55f723c22fa02fac32a8709 (patch) | |
tree | 254bb9ca2be0ce5a2fe7fab96181ac15249e741d | |
parent | 0681b5324c18b85a4e02b4e1a36ab67280d0ad2f (diff) | |
download | av-android-6.0.1_r12.tar.gz |
Fix security vulnerability in ICrypto DO NOT MERGEandroid-6.0.1_r12android-6.0.1_r11
b/25800375
Change-Id: I03c9395f7c7de4ac5813a1207452aac57aa39484
-rw-r--r-- | media/libmedia/ICrypto.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp index a398ff7244..22f8af7c09 100644 --- a/media/libmedia/ICrypto.cpp +++ b/media/libmedia/ICrypto.cpp @@ -321,7 +321,9 @@ status_t BnCrypto::onTransact( if (overflow || sumSubsampleSizes != totalSize) { result = -EINVAL; - } else if (offset + totalSize > sharedBuffer->size()) { + } else if (totalSize > sharedBuffer->size()) { + result = -EINVAL; + } else if ((size_t)offset > sharedBuffer->size() - totalSize) { result = -EINVAL; } else { result = decrypt( |