DO NOT MERGE Fix vulnerability in mediaserver ICrypto.cpp: ASLR bypass using DECRYPT IPC bug: 24074485 Change-Id: Ia12942d6b86adde28745908d36a728ab5d69a037

commit: 5e7e87a383fdb1fece977097a7e3cc51b296f3a0 [log] [tgz]
author: Jeff Tinker <jtinker@google.com> Wed Sep 16 10:26:28 2015 -0700
committer: Jeff Tinker <jtinker@google.com> Wed Sep 16 10:26:28 2015 -0700
tree: 667fbe8db495c12ef13f2cb2f197fab34bbe9a9c
parent: f3eb82683a80341f5ac23057aab733a57963cab2 [diff] [blame]
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 7bd120e..505d782 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp

@@ -236,6 +236,7 @@
 
             size_t totalSize = data.readInt32();
             void *srcData = malloc(totalSize);
+            memset(srcData, 0, totalSize);
             data.read(srcData, totalSize);
 
             int32_t numSubSamples = data.readInt32();
@@ -252,6 +253,7 @@
                 secureBufferId = reinterpret_cast<void *>(static_cast<uintptr_t>(data.readInt64()));
             } else {
                 dstPtr = malloc(totalSize);
+                memset(dstPtr, 0, totalSize);
             }
 
             AString errorDetailMsg;
commit	5e7e87a383fdb1fece977097a7e3cc51b296f3a0	[log] [tgz]
author	Jeff Tinker <jtinker@google.com>	Wed Sep 16 10:26:28 2015 -0700
committer	Jeff Tinker <jtinker@google.com>	Wed Sep 16 10:26:28 2015 -0700
tree	667fbe8db495c12ef13f2cb2f197fab34bbe9a9c
parent	f3eb82683a80341f5ac23057aab733a57963cab2 [diff] [blame]