Fix security vulnerability in ICrypto b/25800375 Change-Id: I03c9395f7c7de4ac5813a1207452aac57aa39484

commit: bb4877d143c6c7ec9b42e3c490fed58af4f39dea [log] [tgz]
author: Jeff Tinker <jtinker@google.com> Fri Dec 04 16:29:16 2015 -0800
committer: Jeff Tinker <jtinker@google.com> Fri Dec 04 16:29:16 2015 -0800
tree: 2d2582f5822643fd28c20f2d35f2cc9d55da8f24
parent: 3f273d10817ddb2f792ae043de692efcdf1988ae [diff]
diff --git a/media/libmedia/ICrypto.cpp b/media/libmedia/ICrypto.cpp
index 9703b0d..7fb1acc 100644
--- a/media/libmedia/ICrypto.cpp
+++ b/media/libmedia/ICrypto.cpp

@@ -321,7 +321,9 @@
 
             if (overflow || sumSubsampleSizes != totalSize) {
                 result = -EINVAL;
-            } else if (offset + totalSize > sharedBuffer->size()) {
+            } else if (totalSize > sharedBuffer->size()) {
+                result = -EINVAL;
+            } else if ((size_t)offset > sharedBuffer->size() - totalSize) {
                 result = -EINVAL;
             } else {
                 result = decrypt(
commit	bb4877d143c6c7ec9b42e3c490fed58af4f39dea	[log] [tgz]
author	Jeff Tinker <jtinker@google.com>	Fri Dec 04 16:29:16 2015 -0800
committer	Jeff Tinker <jtinker@google.com>	Fri Dec 04 16:29:16 2015 -0800
tree	2d2582f5822643fd28c20f2d35f2cc9d55da8f24
parent	3f273d10817ddb2f792ae043de692efcdf1988ae [diff]