The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.
SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.
The crash was reproduced on the device before the fix.
Verified the test passes after the fix.
Test: sts
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-176495665_sts64
Bug: 176495665
Bug: 176444161
Change-Id: I4c83c44873eef960b654f387a3574fcad49c41a9
There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644462264
Bug: 176444622
Bug: 176496353
Change-Id: I63043d10796f82ad805038ba1fad5bd7d5c89961
Merged-In: I63043d10796f82ad805038ba1fad5bd7d5c89961
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I811a6f60948bde2a72906c2c6172fd7bc5feb6d9
In change id Ie2f306bce6aec697ae584da3f55b3cf72edaa07b, a
shared memory leak was fixed using a workaround that
maintained compatibility with the frozen DRM HAL API
1.1. Unfortunately it triggered an error log message that
was no longer an error condition. This change just removes
the log line to avoid raising undue concerns.
Change-Id: I9abe08ef5ab86b2f8589a5c1e5c5175e19ab09d2
Test: Compiles
Bug:111131173
bug:70205403
Test: manual play movies test forcing the legacy default
widevine plugin to be used, instead of the widevine hidl
service.
Change-Id: Icb5b234999c5bf49b31d967814e48d42d9dd767f
mapMemory can return a nullptr, must check for nullptr
IMemory.
Test: Play Movies (stream and pin movies)
Test: VtsHalDrmV1_0TargetTest
bug: 38386082
Change-Id: I0766380a5843415ef0260c26bd21d4b4051b20ea
Files relying on transitive include of utils/Log.h (and things that it
includes) from MQDescriptor.h
Test: pass
Merged-In: Iff316b21bef556bb026378b7f89e97ded3febef4
Change-Id: Iff316b21bef556bb026378b7f89e97ded3febef4
Files relying on transitive include of utils/Log.h (and things that it
includes) from MQDescriptor.h
Test: pass
Change-Id: Iff316b21bef556bb026378b7f89e97ded3febef4
hidl_string no longer will provide an implicit cast to const char* as it
interfers with other expected behaviors of the class. It now emulated
std::string in requiring a call to .c_str() to get the same behavior.
Bug: 36532780
Test: Build the tree
Change-Id: I265590c7c18f425e44863df062a56b67519a932a
Legacy error codes need to be converted into new Status values before
being reported. Decryption errors (that were negative) were changed to
absolute values. This caused their translation to new Status values to
fail.
b/35634335
Test: Verified with GtsExoPlayerTestCases. Some failures, but those
are unrelated to this CL and will be addressed separately.
Change-Id: I995cac33cb2725d02b0f1a3922e522ce07a9d1be
The initial drm hidl hal implementation assumed one
codec per crypto instance, but in fact there can be
multiple codecs per crypto instance. This change
extends the drm hal to allow multiple memory heaps
per crypto plugin. It fixes the issue of mapping
memory frequently during playback.
bug:35275191
Test: manual verification with Play Movies on angler
and in binderized mode on marlin
Change-Id: I0ec36856248623d2ad8acb8ce9873e9274883a40
Previously the drm and crypto plugins were separate hals.
This implied a separation of implementation libraries which
causes problems for some drm schemes. The reorganization
combines the hals into a single interface under drm.
Tests: basic gtests passing
Change-Id: I5cde6ff9f60625a0219731c4dbfcaefbd9f27f88
related-to-bug: 32815560
