DO NOT MERGE Fix vulnerability in mediaserver ICrypto.cpp: ASLR bypass using DECRYPT IPC bug: 24074485 Change-Id: I40dd0e92083c7093030393b16dbab59323306a4e

commit: 636539eb1a0d407d7f82b7c9a6d9833f7715e287 [log] [tgz]
author: Jeff Tinker <jtinker@google.com> Wed Sep 16 10:23:12 2015 -0700
committer: Jeff Tinker <jtinker@google.com> Wed Sep 16 10:23:56 2015 -0700
tree: 815c5c0c5281a9de2c860da3cf1c62eea4d46b68
parent: 13ff64c2db84f4e7cac3396700e333b48c42c7ee [diff] [blame]
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index bff4639..a88b393 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp

@@ -236,6 +236,7 @@
 
             size_t totalSize = data.readInt32();
             void *srcData = malloc(totalSize);
+            memset(srcData, 0, totalSize);
             data.read(srcData, totalSize);
 
             int32_t numSubSamples = data.readInt32();
@@ -252,6 +253,7 @@
                 secureBufferId = (void *)data.readIntPtr();
             } else {
                 dstPtr = malloc(totalSize);
+                memset(dstPtr, 0, totalSize);
             }
 
             AString errorDetailMsg;
commit	636539eb1a0d407d7f82b7c9a6d9833f7715e287	[log] [tgz]
author	Jeff Tinker <jtinker@google.com>	Wed Sep 16 10:23:12 2015 -0700
committer	Jeff Tinker <jtinker@google.com>	Wed Sep 16 10:23:56 2015 -0700
tree	815c5c0c5281a9de2c860da3cf1c62eea4d46b68
parent	13ff64c2db84f4e7cac3396700e333b48c42c7ee [diff] [blame]