[automerger] Check for overflow of crypto size am: d1fd027612 am: fe8dc06116 am: 1d1379f47d am: 7b432adb13 am: 4572777872 am: 1b227ecd31 am: 960c43e6f5 am: fc842287cc am: 0c6fa04393 am: 5f86393721 Change-Id: I3d6643feb0e11878d9c10aabbfb344a0e0efd0f8

commit: c5be8b200a5927d8d9e89f425ca1e544884b6031 [log] [tgz]
author: Marco Nelissen <marcone@google.com> Tue Aug 14 11:08:29 2018 -0700
committer: android-build-merger <android-build-merger@google.com> Tue Aug 14 11:08:29 2018 -0700
tree: 54c674346f01ba3cc65b776624ce2b007c199d73
parent: 6928c0eef8a2b2ae8397067e031c20f53eb3fd18 [diff]
parent: 5f86393721eccac982df412c2af341e8397c9087 [diff]
diff --git a/media/ndk/NdkMediaCodec.cpp b/media/ndk/NdkMediaCodec.cpp
index 6b20bca..42285f8 100644
--- a/media/ndk/NdkMediaCodec.cpp
+++ b/media/ndk/NdkMediaCodec.cpp

@@ -811,7 +811,13 @@
         size_t *encryptedbytes) {
 
     // size needed to store all the crypto data
-    size_t cryptosize = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    size_t cryptosize;
+    // = sizeof(AMediaCodecCryptoInfo) + sizeof(size_t) * numsubsamples * 2;
+    if (__builtin_mul_overflow(sizeof(size_t) * 2, numsubsamples, &cryptosize) ||
+            __builtin_add_overflow(cryptosize, sizeof(AMediaCodecCryptoInfo), &cryptosize)) {
+        ALOGE("crypto size overflow");
+        return NULL;
+    }
     AMediaCodecCryptoInfo *ret = (AMediaCodecCryptoInfo*) malloc(cryptosize);
     if (!ret) {
         ALOGE("couldn't allocate %zu bytes", cryptosize);
commit	c5be8b200a5927d8d9e89f425ca1e544884b6031	[log] [tgz]
author	Marco Nelissen <marcone@google.com>	Tue Aug 14 11:08:29 2018 -0700
committer	android-build-merger <android-build-merger@google.com>	Tue Aug 14 11:08:29 2018 -0700
tree	54c674346f01ba3cc65b776624ce2b007c199d73
parent	6928c0eef8a2b2ae8397067e031c20f53eb3fd18 [diff]
parent	5f86393721eccac982df412c2af341e8397c9087 [diff]