Project-1CE/frameworks_av - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Edwin Wong <edwinwong@google.com>	2021-01-26 20:25:20 -0800
committer	Edwin Wong <edwinwong@google.com>	2021-01-28 17:56:37 +0000
commit	9bae1251cfbc6fde87896bf1264dd0bbded7c5e5 (patch)
tree	06be0b66e3a5e8ab649aa9c1aa7355344746a7f2 /media/libmediatranscoding/TranscodingClientManager.cpp
parent	f89798253ab46c73090f0ccad324d6021872bf90 (diff)

Fix potential decrypt src pointer overflow.

There is a potential integer overflow to bypass the source base size check in decrypt. The source pointer can then point to the outside of the source buffer, which could potentially leak arbitrary memory content to destination pointer. Test: sts-tradefed sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160 Test: push to device with target_hwasan-userdebug build adb shell /data/local/tmp/Bug-17649616064 Bug: 176496160 Bug: 176444786 Change-Id: Iea3dcd44d0f4f61de3288ed1e26d8bd5e39115d2

Diffstat (limited to 'media/libmediatranscoding/TranscodingClientManager.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: