There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644462264
Bug: 176444622
Bug: 176496353
Change-Id: I75ae057793a4ff4e4f52a8577bef189ad842fb0e
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I5ed8921cbd7120e2f3841de1ea7b73d33539838f
mapMemory can return a nullptr, must check for nullptr
IMemory.
Test: Play Movies (stream and pin movies)
Test: VtsHalDrmV1_0TargetTest
bug: 38386082
Change-Id: I0766380a5843415ef0260c26bd21d4b4051b20ea
Files relying on transitive include of utils/Log.h (and things that it
includes) from MQDescriptor.h
Test: pass
Merged-In: Iff316b21bef556bb026378b7f89e97ded3febef4
Change-Id: Iff316b21bef556bb026378b7f89e97ded3febef4
Files relying on transitive include of utils/Log.h (and things that it
includes) from MQDescriptor.h
Test: pass
Change-Id: Iff316b21bef556bb026378b7f89e97ded3febef4
hidl_string no longer will provide an implicit cast to const char* as it
interfers with other expected behaviors of the class. It now emulated
std::string in requiring a call to .c_str() to get the same behavior.
Bug: 36532780
Test: Build the tree
Change-Id: I265590c7c18f425e44863df062a56b67519a932a
Legacy error codes need to be converted into new Status values before
being reported. Decryption errors (that were negative) were changed to
absolute values. This caused their translation to new Status values to
fail.
b/35634335
Test: Verified with GtsExoPlayerTestCases. Some failures, but those
are unrelated to this CL and will be addressed separately.
Change-Id: I995cac33cb2725d02b0f1a3922e522ce07a9d1be
The initial drm hidl hal implementation assumed one
codec per crypto instance, but in fact there can be
multiple codecs per crypto instance. This change
extends the drm hal to allow multiple memory heaps
per crypto plugin. It fixes the issue of mapping
memory frequently during playback.
bug:35275191
Test: manual verification with Play Movies on angler
and in binderized mode on marlin
Change-Id: I0ec36856248623d2ad8acb8ce9873e9274883a40
Previously the drm and crypto plugins were separate hals.
This implied a separation of implementation libraries which
causes problems for some drm schemes. The reorganization
combines the hals into a single interface under drm.
Tests: basic gtests passing
Change-Id: I5cde6ff9f60625a0219731c4dbfcaefbd9f27f88
related-to-bug: 32815560
