diff options
author | Robert Shih <robertshih@google.com> | 2020-02-04 17:23:58 -0800 |
---|---|---|
committer | Vasyl Gello <vasek.gello@gmail.com> | 2020-05-05 05:40:02 +0000 |
commit | a955a9ded6a87e736cf5d495cf97c5888de01c64 (patch) | |
tree | 927068c0ce87e535d86405266f8fb443e56f0fee | |
parent | e5a890c47f141088ab261816792256dbe45d5c49 (diff) | |
download | frameworks_av-cm-14.1.tar.gz frameworks_av-cm-14.1.tar.bz2 frameworks_av-cm-14.1.zip |
BnCrypto: fix use-before-init in CREATE_PLUGINcm-14.1
Bug: 144767096
Test: poc_ICrypto_283
Merged-In: Id67dc9e793ee886e4cc49370d800c7f3580df313
Merged-In: I81ff7cde5e1693f05c90380e879f74d0c4bce5f1
Change-Id: If268553440b8a0cbbe011b5396974fd864a7d083
(cherry picked from commit 4bbfb6d8815002fc79b26aebba5f3ad2226c468e)
-rw-r--r-- | media/libmedia/ICrypto.cpp | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp index 0045cffc6e..d9ab1078e6 100644 --- a/media/libmedia/ICrypto.cpp +++ b/media/libmedia/ICrypto.cpp @@ -238,15 +238,23 @@ status_t BnCrypto::onTransact( { CHECK_INTERFACE(ICrypto, data, reply); - uint8_t uuid[16]; - data.read(uuid, sizeof(uuid)); + uint8_t uuid[16] = {0}; + if (data.read(uuid, sizeof(uuid)) != NO_ERROR) { + android_errorWriteLog(0x534e4554, "144767096"); + reply->writeInt32(BAD_VALUE); + return OK; + } size_t opaqueSize = data.readInt32(); void *opaqueData = NULL; if (opaqueSize > 0) { opaqueData = malloc(opaqueSize); - data.read(opaqueData, opaqueSize); + if (data.read(opaqueData, opaqueSize) != NO_ERROR) { + android_errorWriteLog(0x534e4554, "144767096"); + reply->writeInt32(BAD_VALUE); + return OK; + } } reply->writeInt32(createPlugin(uuid, opaqueData, opaqueSize)); |