Merge "Check opaque size in CREATE_PLUGIN."

commit: c838f6deae1022a677d3b75591735237ce2896fe [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Tue Mar 14 23:29:20 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Mar 14 23:29:21 2017 +0000
tree: 3551b8a11113ae43f8b6f359b4a06bf3f992bbef
parent: 997a192b309db98d6087850c35feac6b6af483a0 [diff]
parent: 9247e10531fa3128d5263e3ad605a0fecefcd2d0 [diff]
diff --git a/drm/libmediadrm/ICrypto.cpp b/drm/libmediadrm/ICrypto.cpp
index 10e6bc3..d8424bb 100644
--- a/drm/libmediadrm/ICrypto.cpp
+++ b/drm/libmediadrm/ICrypto.cpp

@@ -235,17 +235,21 @@
             size_t opaqueSize = data.readInt32();
             void *opaqueData = NULL;
 
-            if (opaqueSize > 0) {
-                opaqueData = malloc(opaqueSize);
-                data.read(opaqueData, opaqueSize);
+            const size_t kMaxOpaqueSize = 100 * 1024;
+            if (opaqueSize > kMaxOpaqueSize) {
+                return BAD_VALUE;
             }
 
+            opaqueData = malloc(opaqueSize);
+            if (NULL == opaqueData) {
+                return NO_MEMORY;
+            }
+
+            data.read(opaqueData, opaqueSize);
             reply->writeInt32(createPlugin(uuid, opaqueData, opaqueSize));
 
-            if (opaqueData != NULL) {
-                free(opaqueData);
-                opaqueData = NULL;
-            }
+            free(opaqueData);
+            opaqueData = NULL;
 
             return OK;
         }
commit	c838f6deae1022a677d3b75591735237ce2896fe	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Tue Mar 14 23:29:20 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Mar 14 23:29:21 2017 +0000
tree	3551b8a11113ae43f8b6f359b4a06bf3f992bbef
parent	997a192b309db98d6087850c35feac6b6af483a0 [diff]
parent	9247e10531fa3128d5263e3ad605a0fecefcd2d0 [diff]