Fix potential decrypt destPtr overflow.
There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644462264
Bug: 176444622
Bug: 176496353
Change-Id: I63043d10796f82ad805038ba1fad5bd7d5c89961
Merged-In: I63043d10796f82ad805038ba1fad5bd7d5c89961
1 file changed
