Check opaque size in CREATE_PLUGIN.
Check opaque size to be not greater than an abitrary 100K
and verify malloc succeeded.
Test: Play Movies & TV
Test: Netflix
Test: ANDROID_BUILD_TOP= ./android-gts/tools/gts-tradefed run gts
-m GtsMediaTestCases --test
com.google.android.media.gts.WidevineH264PlaybackTests#testL1With480P60
Test: Forcing opaque size to exceed limit and malloc to report failure;
both resulted in Netflix reporting an error and failing to play.
This is the expected result.
bug: 30202440
Change-Id: I9fdaf208471f2781ffbd656358b1bf1ef5b28ee8
diff --git a/drm/libmediadrm/ICrypto.cpp b/drm/libmediadrm/ICrypto.cpp
index 10e6bc3..d8424bb 100644
--- a/drm/libmediadrm/ICrypto.cpp
+++ b/drm/libmediadrm/ICrypto.cpp
@@ -235,17 +235,21 @@
size_t opaqueSize = data.readInt32();
void *opaqueData = NULL;
- if (opaqueSize > 0) {
- opaqueData = malloc(opaqueSize);
- data.read(opaqueData, opaqueSize);
+ const size_t kMaxOpaqueSize = 100 * 1024;
+ if (opaqueSize > kMaxOpaqueSize) {
+ return BAD_VALUE;
}
+ opaqueData = malloc(opaqueSize);
+ if (NULL == opaqueData) {
+ return NO_MEMORY;
+ }
+
+ data.read(opaqueData, opaqueSize);
reply->writeInt32(createPlugin(uuid, opaqueData, opaqueSize));
- if (opaqueData != NULL) {
- free(opaqueData);
- opaqueData = NULL;
- }
+ free(opaqueData);
+ opaqueData = NULL;
return OK;
}