[automerger] Check for overflow of crypto size am: d1fd027612 am: fe8dc06116 am: 1d1379f47d am: 7b432adb13 am: 4572777872 Change-Id: I61f454707ead459e64c810548032c99856b96467

commit: 1b227ecd315e902630af71c7d2b34e8f5250a01c [log] [tgz]
author: Android Build Merger (Role) <noreply-android-build-merger@google.com> Wed Aug 01 17:33:17 2018 +0000
committer: Android Build Merger (Role) <noreply-android-build-merger@google.com> Wed Aug 01 17:33:17 2018 +0000
tree: e1dba5702eba18c23ac731f6be4b593b9e0edb34
parent: 11eddd5a222180edbf7fba4f69d733463ebf4553 [diff]
parent: 4572777872c494ca442ff433d448cbecb94bb11d [diff]
diff --git a/media/ndk/NdkMediaCodec.cpp b/media/ndk/NdkMediaCodec.cpp
index 6d02cf1..6faa19f 100644
--- a/media/ndk/NdkMediaCodec.cpp
+++ b/media/ndk/NdkMediaCodec.cpp

@@ -553,7 +553,13 @@
         size_t *encryptedbytes) {
 
     // size needed to store all the crypto data
-    size_t cryptosize = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    size_t cryptosize;
+    // = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    if (__builtin_mul_overflow(sizeof(size_t) * 2, numsubsamples, &cryptosize) ||
+            __builtin_add_overflow(cryptosize, sizeof(AMediaCodecCryptoInfo), &cryptosize)) {
+        ALOGE("crypto size overflow");
+        return NULL;
+    }
     AMediaCodecCryptoInfo *ret = (AMediaCodecCryptoInfo*) malloc(cryptosize);
     if (!ret) {
         ALOGE("couldn't allocate %zu bytes", cryptosize);
commit	1b227ecd315e902630af71c7d2b34e8f5250a01c	[log] [tgz]
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Wed Aug 01 17:33:17 2018 +0000
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Wed Aug 01 17:33:17 2018 +0000
tree	e1dba5702eba18c23ac731f6be4b593b9e0edb34
parent	11eddd5a222180edbf7fba4f69d733463ebf4553 [diff]
parent	4572777872c494ca442ff433d448cbecb94bb11d [diff]