fe8b9a7cb32f739e3855c51c8803590908a1da9c - platform/frameworks/av

commit	fe8b9a7cb32f739e3855c51c8803590908a1da9c	[log] [tgz]
author	Edwin Wong <edwinwong@google.com>	Wed Nov 27 10:46:17 2019 -0800
committer	android-build-team Robot <android-build-team-robot@google.com>	Tue Feb 11 19:06:46 2020 +0000
tree	07acdca0ba7f6e53664f6676150302429eecc5f7
parent	a66592bf964df38810f7aa0eba490ab11984ec87 [diff]

[DO NOT MERGE] Fix heap buffer overflow for releaseSecureStops.

If the input SecureStopRelease size is less than sizeof(uint32_t)
in releaseSecureStops(), an out of bound read will occur.

bug: 144766455
bug: 144746235
bug: 147281068

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_11#testPocBug_144766455

Change-Id: Ieccdd86ad86966fbf1dde70d3b3fb73d6dd124a4
(cherry picked from commit fa237c4f76b7b9369d9c499bfdc81e5072ddde86)

drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp[diff]

1 file changed

tree: 07acdca0ba7f6e53664f6676150302429eecc5f7

apex/
camera/
cmds/
drm/
include/
media/
services/
soundtrigger/
tools/
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
OWNERS