[automerger] Check for overflow of crypto size am: d1fd027612 am: fe8dc06116 Change-Id: I9d6534a3b64e57922cf033b70535b7d2544f1cf2

commit: 1d1379f47dd975f9e9a86940e927e0ca5335d70e [log] [tgz]
author: Android Build Merger (Role) <noreply-android-build-merger@google.com> Wed Aug 01 17:33:12 2018 +0000
committer: Android Build Merger (Role) <noreply-android-build-merger@google.com> Wed Aug 01 17:33:12 2018 +0000
tree: cfc5c3e85ebe1bdfe6b6c4c5f8c08cfa38bd3d0c
parent: b7b790ef84dcff7205abf0c86988d8c9d3e71a8f [diff]
parent: fe8dc06116d0a172774a226158458443a76e6ccb [diff]
diff --git a/media/ndk/NdkMediaCodec.cpp b/media/ndk/NdkMediaCodec.cpp
index 50b490d..73e733e 100644
--- a/media/ndk/NdkMediaCodec.cpp
+++ b/media/ndk/NdkMediaCodec.cpp

@@ -447,7 +447,13 @@
         size_t *encryptedbytes) {
 
     // size needed to store all the crypto data
-    size_t cryptosize = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    size_t cryptosize;
+    // = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    if (__builtin_mul_overflow(sizeof(size_t) * 2, numsubsamples, &cryptosize) ||
+            __builtin_add_overflow(cryptosize, sizeof(AMediaCodecCryptoInfo), &cryptosize)) {
+        ALOGE("crypto size overflow");
+        return NULL;
+    }
     AMediaCodecCryptoInfo *ret = (AMediaCodecCryptoInfo*) malloc(cryptosize);
     if (!ret) {
         ALOGE("couldn't allocate %zu bytes", cryptosize);
commit	1d1379f47dd975f9e9a86940e927e0ca5335d70e	[log] [tgz]
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Wed Aug 01 17:33:12 2018 +0000
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>	Wed Aug 01 17:33:12 2018 +0000
tree	cfc5c3e85ebe1bdfe6b6c4c5f8c08cfa38bd3d0c
parent	b7b790ef84dcff7205abf0c86988d8c9d3e71a8f [diff]
parent	fe8dc06116d0a172774a226158458443a76e6ccb [diff]