Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_av / 3c9044cdef93c7c611118424f31448d618cc9da3
commit3c9044cdef93c7c611118424f31448d618cc9da3[log] [tgz]
authorEdwin Wong <edwinwong@google.com>Tue Feb 02 09:51:14 2021 -0800
committerEdwin Wong <edwinwong@google.com>Thu Feb 25 17:42:07 2021 +0000
tree6cdf7c06f8009373be335b1a0f5c1e64d409a84d
parent9bae1251cfbc6fde87896bf1264dd0bbded7c5e5 [diff]
[RESTRICT AUTOMERGE] Fix potential decrypt destPtr overflow.

There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.

Test: sts-tradefed
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-17644462264

Bug: 176444622
Bug: 176496353
Change-Id: I5fed981c4b0f70db6cdce532c446e264768e964c
1 file changed
tree: 6cdf7c06f8009373be335b1a0f5c1e64d409a84d
  1. apex/
  2. camera/
  3. cmds/
  4. drm/
  5. include/
  6. media/
  7. services/
  8. soundtrigger/
  9. tools/
  10. CleanSpec.mk
  11. MODULE_LICENSE_APACHE2
  12. NOTICE
  13. OWNERS