Merge SP1A.210407.002

Change-Id: I59c8a9fe4c458698011cf3ced77bcd2c4818a138
author: Scott Lobdell <slobdell@google.com> 2021-04-08 04:26:21 +0000
committer: Scott Lobdell <slobdell@google.com> 2021-04-08 04:26:21 +0000
commit: 95a4eaee873adf20b90a1d3d74c650c96a9271f2 (patch)
tree: 47c85878a2730bd38bffb1ee4c138764e4a57479 /drm/1.0/default/CryptoPlugin.cpp
parent: 0c2e5fb06bd4257044c4761e89705268421c77b3 (diff)
parent: aa0540c86a939e6c0f63e17d13d2aed3d9b53777 (diff)
1 files changed, 13 insertions, 4 deletions
diff --git a/drm/1.0/default/CryptoPlugin.cpp b/drm/1.0/default/CryptoPlugin.cpp
index e6d4e8447b..8dea7e9324 100644
--- a/drm/1.0/default/CryptoPlugin.cpp
+++ b/drm/1.0/default/CryptoPlugin.cpp
@@ -53,6 +53,8 @@ namespace implementation {
             uint32_t bufferId) {
         sp<IMemory> hidlMemory = mapMemory(base);
 
+        std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock);
+
         // allow mapMemory to return nullptr
         mSharedBufferMap[bufferId] = hidlMemory;
         return Void();
@@ -65,7 +67,7 @@ namespace implementation {
             const SharedBuffer& source, uint64_t offset,
             const DestinationBuffer& destination,
             decrypt_cb _hidl_cb) {
-
+        std::unique_lock<std::mutex> shared_buffer_lock(mSharedBufferLock);
         if (mSharedBufferMap.find(source.bufferId) == mSharedBufferMap.end()) {
             _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "source decrypt buffer base not set");
             return Void();
@@ -79,7 +81,7 @@ namespace implementation {
             }
         }
 
-        android::CryptoPlugin::Mode legacyMode;
+        android::CryptoPlugin::Mode legacyMode = android::CryptoPlugin::kMode_Unencrypted;
         switch(mode) {
         case Mode::UNENCRYPTED:
             legacyMode = android::CryptoPlugin::kMode_Unencrypted;
@@ -146,7 +148,10 @@ namespace implementation {
                 return Void();
             }
 
-            if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
+            size_t totalSize = 0;
+            if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) ||
+                totalSize > destBase->getSize()) {
+                android_errorWriteLog(0x534e4554, "176496353");
                 _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
                 return Void();
             }
@@ -157,7 +162,7 @@ namespace implementation {
             }
 
             base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));
-            destPtr = static_cast<void *>(base + destination.nonsecureMemory.offset);
+            destPtr = static_cast<void*>(base + destination.nonsecureMemory.offset);
         } else if (destination.type == BufferType::NATIVE_HANDLE) {
             if (!secure) {
                 _hidl_cb(Status::BAD_VALUE, 0, "native handle destination must be secure");
@@ -170,6 +175,10 @@ namespace implementation {
             _hidl_cb(Status::BAD_VALUE, 0, "invalid destination type");
             return Void();
         }
+
+        // release mSharedBufferLock
+        shared_buffer_lock.unlock();
+
         ssize_t result = mLegacyPlugin->decrypt(secure, keyId.data(), iv.data(),
                 legacyMode, legacyPattern, srcPtr, legacySubSamples.get(),
                 subSamples.size(), destPtr, &detailMessage);
author	Scott Lobdell <slobdell@google.com>	2021-04-08 04:26:21 +0000
committer	Scott Lobdell <slobdell@google.com>	2021-04-08 04:26:21 +0000
commit	95a4eaee873adf20b90a1d3d74c650c96a9271f2 (patch)
tree	47c85878a2730bd38bffb1ee4c138764e4a57479 /drm/1.0/default/CryptoPlugin.cpp
parent	0c2e5fb06bd4257044c4761e89705268421c77b3 (diff)
parent	aa0540c86a939e6c0f63e17d13d2aed3d9b53777 (diff)