Merge "RESTRICT AUTOMERGE: Fixes two bluetooth causing remote overreads (2/2)" into...

author Atanas Kirilov <akirilov@google.com>

Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)

committer Android (Google) Code Review <android-gerrit@google.com>

Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)
author Atanas Kirilov <akirilov@google.com>
Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)
committer Android (Google) Code Review <android-gerrit@google.com>
Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)
diff --cc stack/sdp/sdp_discovery.cc

index f4ee1b0,adf8d77..4b132f7
--- 1/stack/sdp/sdp_discovery.cc
--- 2/stack/sdp/sdp_discovery.cc
+++ b/stack/sdp/sdp_discovery.cc
@@@ -355,9 -355,14 +355,14 @@@ static void sdp_copy_raw_data(tCONN_CB
         type = *p++;
         p = sdpu_get_len_from_type(p, type, &list_len);
       }
- -    if (list_len && list_len < cpy_len) {
+ +    if (list_len < cpy_len) {
         cpy_len = list_len;
       }
+     rem_len = SDP_MAX_LIST_BYTE_COUNT - (unsigned int)(p - &p_ccb->rsp_list[0]);
+     if (cpy_len > rem_len) {
+       SDP_TRACE_WARNING("rem_len :%d less than cpy_len:%d", rem_len, cpy_len);
+       cpy_len = rem_len;
+     }
       SDP_TRACE_WARNING(
           "%s: list_len:%d cpy_len:%d p:%p p_ccb:%p p_db:%p raw_size:%d "
           "raw_used:%d raw_data:%p",
author	Atanas Kirilov <akirilov@google.com>
	Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)
committer	Android (Google) Code Review <android-gerrit@google.com>
	Thu, 31 May 2018 22:05:01 +0000 (22:05 +0000)