[automerger] Add PDU size checks in process_service_search_attr_rsp am: 3181bdee7d...

Change-Id: I274a46dd9edf3810f47daf791e1dc69c6ba0504b

diff --cc stack/sdp/sdp_discovery.c
index ac43160,557f86c..2ca2018
--- 1/stack/sdp/sdp_discovery.c
--- 2/stack/sdp/sdp_discovery.c
+++ b/stack/sdp/sdp_discovery.c
@@@ -591,8 -615,23 +598,15 @@@ static void process_service_search_attr
          SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d",
              p_ccb->list_len, lists_byte_count);
  #endif
+ 
+         if (p_reply + lists_byte_count + 1 /* continuation */ > p_reply_end) {
+             android_errorWriteLog(0x534e4554, "79884292");
+             sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
+             return;
+         }
+ 
          if (p_ccb->rsp_list == NULL)
 -        {
 -            p_ccb->rsp_list = (UINT8 *)GKI_getbuf (SDP_MAX_LIST_BYTE_COUNT);
 -            if (p_ccb->rsp_list == NULL)
 -            {
 -                SDP_TRACE_ERROR ("SDP - no gki buf to save rsp");
 -                sdp_disconnect (p_ccb, SDP_NO_RESOURCES);
 -                return;
 -            }
 -        }
 +            p_ccb->rsp_list = (UINT8 *)osi_malloc(SDP_MAX_LIST_BYTE_COUNT);
          memcpy (&p_ccb->rsp_list[p_ccb->list_len], p_reply, lists_byte_count);
          p_ccb->list_len += lists_byte_count;
          p_reply         += lists_byte_count;