DO NOT MERGE Fix vulnerability in mediaserver
ICrypto.cpp: ASLR bypass using DECRYPT IPC
bug: 24074485
Change-Id: Ia12942d6b86adde28745908d36a728ab5d69a037
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 2abb3ac..f51aaa2 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp
@@ -246,6 +246,7 @@
size_t totalSize = data.readInt32();
void *srcData = malloc(totalSize);
+ memset(srcData, 0, totalSize);
data.read(srcData, totalSize);
int32_t numSubSamples = data.readInt32();
@@ -262,6 +263,7 @@
secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));
} else {
dstPtr = malloc(totalSize);
+ memset(dstPtr, 0, totalSize);
}
AString errorDetailMsg;