[DO NOT MERGE] Fix heap buffer overflow in clearkey CryptoPlugin::decrypt Fix destPtr was not pointing to destination raw pointer. bug: 144506242 Test: sts ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_12#testPocBug_144506242 Change-Id: I9425baa21c82d5a5edf37c87989adbade0428b67 (cherry picked from commit dc4c427b2155a9928a7cdaac7c0a787dd9c8192d)

commit: 7f0714951555cf92df2fa3c85a0250be048948cb [log] [tgz]
author: Edwin Wong <edwinwong@google.com> Tue Dec 17 17:56:17 2019 -0800
committer: Anis Assi <anisassi@google.com> Thu Feb 06 15:18:05 2020 -0800
tree: dc15a8f9d77c86e3d29830f7e3303480a15149f7
parent: f0364ba28c822fb21322a8ac6cd7a2af3a5d2ec2 [diff]
diff --git a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
index 198e099..cd2224d 100644
--- a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
+++ b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp

@@ -106,6 +106,8 @@
         return Void();
     }
 
+    base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));
+
     if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
         _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
         return Void();
commit	7f0714951555cf92df2fa3c85a0250be048948cb	[log] [tgz]
author	Edwin Wong <edwinwong@google.com>	Tue Dec 17 17:56:17 2019 -0800
committer	Anis Assi <anisassi@google.com>	Thu Feb 06 15:18:05 2020 -0800
tree	dc15a8f9d77c86e3d29830f7e3303480a15149f7
parent	f0364ba28c822fb21322a8ac6cd7a2af3a5d2ec2 [diff]