Handle overflow in android::HeifDataSource::readAt Bug: 73782357 Change-Id: I03a5b4c5ddaf2664f342973da7f1a79f29cd7be5 (cherry picked from commit 237f9034c6cbe5cbafb0cd4c862d9dddfbdf7389)

commit: 083321da7d53181b9537b6f6101602412db8e292 [log] [tgz]
author: Sungtak Lee <taklee@google.com> Mon Mar 05 15:21:33 2018 -0800
committer: android-build-team Robot <android-build-team-robot@google.com> Tue Apr 17 18:02:01 2018 +0000
tree: 7ee0e26a0764bd9758b7ca1bb14e99cfaf3cf605
parent: d27af218182419d39caa8072c8db19bfff686b31 [diff]
diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index 175d458..57209e2 100644
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp

@@ -139,6 +139,11 @@
     // have been caught above.
     CHECK(offset >= mCachedOffset);
 
+    off64_t resultOffset;
+    if (__builtin_add_overflow(offset, size, &resultOffset)) {
+        return ERROR_IO;
+    }
+
     if (size == 0) {
         return 0;
     }
commit	083321da7d53181b9537b6f6101602412db8e292	[log] [tgz]
author	Sungtak Lee <taklee@google.com>	Mon Mar 05 15:21:33 2018 -0800
committer	android-build-team Robot <android-build-team-robot@google.com>	Tue Apr 17 18:02:01 2018 +0000
tree	7ee0e26a0764bd9758b7ca1bb14e99cfaf3cf605
parent	d27af218182419d39caa8072c8db19bfff686b31 [diff]