am 0af50080: am 8ba28c84: am d61dbb36: am 38281f1c: am d386c5be: Merge "Fix heap data leak vulnerability" into klp-dev
* commit '0af5008096c9562f63808e37a60e5df150137526': Fix heap data leak vulnerability
This commit is contained in:
Jeff Tinker
@@ -741,9 +741,11 @@ status_t BpDrmManagerService::decrypt(
|
|||||||
const status_t status = reply.readInt32();
|
const status_t status = reply.readInt32();
|
||||||
ALOGV("Return value of decrypt() is %d", status);
|
ALOGV("Return value of decrypt() is %d", status);
|
||||||
|
|
||||||
const int size = reply.readInt32();
|
if (status == NO_ERROR) {
|
||||||
(*decBuffer)->length = size;
|
const int size = reply.readInt32();
|
||||||
reply.read((void *)(*decBuffer)->data, size);
|
(*decBuffer)->length = size;
|
||||||
|
reply.read((void *)(*decBuffer)->data, size);
|
||||||
|
}
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@@ -1438,9 +1440,11 @@ status_t BnDrmManagerService::onTransact(
|
|||||||
|
|
||||||
reply->writeInt32(status);
|
reply->writeInt32(status);
|
||||||
|
|
||||||
const int size = decBuffer->length;
|
if (status == NO_ERROR) {
|
||||||
reply->writeInt32(size);
|
const int size = decBuffer->length;
|
||||||
reply->write(decBuffer->data, size);
|
reply->writeInt32(size);
|
||||||
|
reply->write(decBuffer->data, size);
|
||||||
|
}
|
||||||
|
|
||||||
clearDecryptHandle(&handle);
|
clearDecryptHandle(&handle);
|
||||||
delete encBuffer; encBuffer = NULL;
|
delete encBuffer; encBuffer = NULL;
|
||||||
|
|||||||
Reference in New Issue
Block a user