b92e3bf778ab8dcf28193cfb63c40dd964644c47 - platform_frameworks_av

commit	b92e3bf778ab8dcf28193cfb63c40dd964644c47	[log] [tgz]
author	Edwin Wong <edwinwong@google.com>	Tue Nov 26 17:52:52 2019 -0800
committer	Edwin Wong <edwinwong@google.com>	Wed Jan 08 01:29:58 2020 +0000
tree	6264825f410a8c258c40002cedeb448869b1c2b4
parent	7b254210fe701b9023d1db342c6d1c884d39efe7 [diff]

[DO NOT MERGE] Fix heap buffer overflow for releaseSecureStops.

If the input SecureStopRelease size is less than sizeof(uint32_t)
in releaseSecureStops(), an out of bound read will occur.

bug: 144766455
bug: 144746235
bug: 147281068

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_11#testPocBug_144766455

Change-Id: Ibee5a105eaedfee37d2fa93f7024f63f30cc7409

drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp[diff]

1 file changed

tree: 6264825f410a8c258c40002cedeb448869b1c2b4

apex/
camera/
cmds/
drm/
include/
media/
services/
soundtrigger/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
OWNERS