diff options
author | Marco Nelissen <marcone@google.com> | 2018-07-31 15:12:51 -0700 |
---|---|---|
committer | Tim Schumacher <timschumi@gmx.de> | 2018-12-03 18:18:50 +0100 |
commit | 779361abc2ace8edf7e84170498a3980599087eb (patch) | |
tree | 2e9bfd9aa275d17b06f28505e6d87e69ebb65d49 | |
parent | 9127c1fd403ca552950e6e0f9fe34d27fbb21bf4 (diff) | |
download | frameworks_av-779361abc2ace8edf7e84170498a3980599087eb.tar.gz frameworks_av-779361abc2ace8edf7e84170498a3980599087eb.tar.bz2 frameworks_av-779361abc2ace8edf7e84170498a3980599087eb.zip |
Check for overflow of crypto size
Bug: 111603051
Test: CTS
Change-Id: Ib5b1802b9b35769a25c16e2b977308cf7a810606
(cherry picked from commit d1fd02761236b35a336434367131f71bef7405c9)
-rw-r--r-- | media/ndk/NdkMediaCodec.cpp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/media/ndk/NdkMediaCodec.cpp b/media/ndk/NdkMediaCodec.cpp index cd0c4623ce..b6cec49195 100644 --- a/media/ndk/NdkMediaCodec.cpp +++ b/media/ndk/NdkMediaCodec.cpp @@ -421,7 +421,18 @@ AMediaCodecCryptoInfo *AMediaCodecCryptoInfo_new( size_t *encryptedbytes) { // size needed to store all the crypto data - size_t cryptosize = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2; + size_t cryptosize; + // = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2; + if (numsubsamples > SIZE_MAX / (sizeof(size_t) * 2)) { + ALOGE("crypto size overflow"); + return NULL; + } + cryptosize = sizeof(size_t) * numsubsamples * 2; + if (sizeof(AMediaCodecCryptoInfo) > SIZE_MAX - cryptosize) { + ALOGE("crypto size overflow"); + return NULL; + } + cryptosize += sizeof(AMediaCodecCryptoInfo); AMediaCodecCryptoInfo *ret = (AMediaCodecCryptoInfo*) malloc(cryptosize); if (!ret) { ALOGE("couldn't allocate %zu bytes", cryptosize); |