DO NOT MERGE Fix vulnerability in mediaserver ICrypto.cpp: ASLR bypass using DECRYPT IPC bug: 24074485 Change-Id: Ia12942d6b86adde28745908d36a728ab5d69a037

commit: 6ca328597cfd812ddb2e04b2f621ac67b6b95118 [log] [tgz]
author: Jeff Tinker <jtinker@google.com> Wed Sep 16 10:26:28 2015 -0700
committer: The Android Automerger <android-build@google.com> Tue Oct 27 10:37:28 2015 -0700
tree: e247589af85c513ca57acd80cceab1f10ab8fa78
parent: f35e4b55e303edb3fc2366b427b007939e1238a6 [diff]
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 2abb3ac..f51aaa2 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp

@@ -246,6 +246,7 @@
 
             size_t totalSize = data.readInt32();
             void *srcData = malloc(totalSize);
+            memset(srcData, 0, totalSize);
             data.read(srcData, totalSize);
 
             int32_t numSubSamples = data.readInt32();
@@ -262,6 +263,7 @@
                 secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));
             } else {
                 dstPtr = malloc(totalSize);
+                memset(dstPtr, 0, totalSize);
             }
 
             AString errorDetailMsg;
commit	6ca328597cfd812ddb2e04b2f621ac67b6b95118	[log] [tgz]
author	Jeff Tinker <jtinker@google.com>	Wed Sep 16 10:26:28 2015 -0700
committer	The Android Automerger <android-build@google.com>	Tue Oct 27 10:37:28 2015 -0700
tree	e247589af85c513ca57acd80cceab1f10ab8fa78
parent	f35e4b55e303edb3fc2366b427b007939e1238a6 [diff]