[DO NOT MERGE] Fix heap buffer overflow in clearkey CryptoPlugin::decrypt Fix destPtr was not pointing to destination raw pointer. bug: 144506242 Test: sts ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_12#testPocBug_144506242 Change-Id: Ia1b8f755daaada2f1411abeb3cb5b832a72b3c82 (cherry picked from commit 8464bfa975afe360bb8e3dd59c036ce4a4995fa8)

commit: bcd4eaae518a8185726fd440fca9e3b6eee6a1ff [log] [tgz]
author: Edwin Wong <edwinwong@google.com> Tue Dec 17 17:01:59 2019 -0800
committer: android-build-team Robot <android-build-team-robot@google.com> Tue Feb 11 19:06:52 2020 +0000
tree: 5f046524cc57102c64356af7e83fdd16c8160839
parent: fe8b9a7cb32f739e3855c51c8803590908a1da9c [diff]
diff --git a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
index f164f28..3ecf6d5 100644
--- a/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp
+++ b/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp

@@ -136,6 +136,8 @@
         return Void();
     }
 
+    base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));
+
     if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
         _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");
         return Void();
commit	bcd4eaae518a8185726fd440fca9e3b6eee6a1ff	[log] [tgz]
author	Edwin Wong <edwinwong@google.com>	Tue Dec 17 17:01:59 2019 -0800
committer	android-build-team Robot <android-build-team-robot@google.com>	Tue Feb 11 19:06:52 2020 +0000
tree	5f046524cc57102c64356af7e83fdd16c8160839
parent	fe8b9a7cb32f739e3855c51c8803590908a1da9c [diff]