OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Security fix for potential OOB read in L2CAP
[android-x86/system-bt.git]
/
stack
/
l2cap
/
l2c_ble.cc
diff --git
a/stack/l2cap/l2c_ble.cc
b/stack/l2cap/l2c_ble.cc
index
b826dc1
..
16454a5
100644
(file)
--- a/
stack/l2cap/l2c_ble.cc
+++ b/
stack/l2cap/l2c_ble.cc
@@
-811,6
+811,11
@@
void l2cble_process_sig_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
case L2CAP_CMD_CREDIT_BASED_RECONFIG_RES: {
uint16_t result;
+ if (p + sizeof(uint16_t) > p_pkt_end) {
+ android_errorWriteLog(0x534e4554, "212694559");
+ LOG(ERROR) << "invalid read";
+ return;
+ }
STREAM_TO_UINT16(result, p);
L2CAP_TRACE_DEBUG(