[automerger] DO NOT MERGE Fix OOB read before buffer length check am: e64b4a38b0...

Change-Id: I06022c8ab062e4422b443d49869293b777058b20

diff --git a/stack/smp/smp_act.c b/stack/smp/smp_act.c
index 688d967..e3be538 100644 (file)
--- a/stack/smp/smp_act.c
+++ b/stack/smp/smp_act.c
@@ -828,14 +828,18 @@ void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
     UINT8 reason = SMP_INVALID_PARAMETERS;
 
     SMP_TRACE_DEBUG("%s", __func__);
-    p_cb->status = *(UINT8 *)p_data;
 
     if (smp_command_has_invalid_parameters(p_cb))
     {
+        if (p_cb->rcvd_cmd_len < 2) {  // 1 (opcode) + 1 (Notif Type) bytes
+            android_errorWriteLog(0x534e4554, "111936834");
+        }
         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
         return;
     }
 
+    p_cb->status = *(UINT8 *)p_data;
+
     if (p != NULL)
     {
         STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);