case AVRC_PDU_GET_PLAYER_APP_ATTR_TEXT:
{
- tAVRC_APP_SETTING_TEXT *p_setting_text;
UINT8 num_attrs;
if (len == 0)
break;
}
BE_STREAM_TO_UINT8(num_attrs, p);
+ if (num_attrs > AVRC_MAX_APP_ATTR_SIZE) {
+ num_attrs = AVRC_MAX_APP_ATTR_SIZE;
+ }
AVRC_TRACE_DEBUG("%s attr count = %d ", __func__, p_result->get_app_attr_txt.num_attr);
p_result->get_app_attr_txt.num_attr = num_attrs;
- p_setting_text = (tAVRC_APP_SETTING_TEXT*)osi_malloc(num_attrs * sizeof(tAVRC_APP_SETTING_TEXT));
+ p_result->get_app_attr_txt.p_attrs = (tAVRC_APP_SETTING_TEXT*)osi_malloc(num_attrs * sizeof(tAVRC_APP_SETTING_TEXT));
for (int xx = 0; xx < num_attrs; xx++)
{
BE_STREAM_TO_UINT8(p_result->get_app_attr_txt.p_attrs[xx].attr_id, p);
case AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT:
{
- tAVRC_APP_SETTING_TEXT *p_setting_text;
UINT8 num_vals;
if (len == 0)
break;
}
BE_STREAM_TO_UINT8(num_vals, p);
+ if (num_vals > AVRC_MAX_APP_ATTR_SIZE) {
+ num_vals = AVRC_MAX_APP_ATTR_SIZE;
+ }
p_result->get_app_val_txt.num_attr = num_vals;
AVRC_TRACE_DEBUG("%s value count = %d ", __func__, p_result->get_app_val_txt.num_attr);
- p_setting_text = (tAVRC_APP_SETTING_TEXT *)osi_malloc(num_vals * sizeof(tAVRC_APP_SETTING_TEXT));
+ p_result->get_app_val_txt.p_attrs = (tAVRC_APP_SETTING_TEXT *)osi_malloc(num_vals * sizeof(tAVRC_APP_SETTING_TEXT));
for (int i = 0; i < num_vals; i++) {
BE_STREAM_TO_UINT8(p_result->get_app_val_txt.p_attrs[i].attr_id, p);
BE_STREAM_TO_UINT16(p_result->get_app_val_txt.p_attrs[i].charset_id, p);
OSDN Git Service
