OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c368f50
)
DO NOT MERGE - Check SDU lower bound before allocate p_data
author
Ugo Yu
<ugoyu@google.com>
Mon, 17 Sep 2018 07:59:30 +0000
(15:59 +0800)
committer
android-build-team Robot
<android-build-team-robot@google.com>
Fri, 19 Oct 2018 16:33:08 +0000
(16:33 +0000)
Bug:
112321180
Test: SL4A BleCocTest:test_coc_insecured_connection_write_ascii
Change-Id: Id0c9aa2097f0b6bdc2bb9fa9086daa9452188e1d
(cherry picked from commit
6fc96f847be808a4f38eae45b5e9bbc3f18b9a2d
)
stack/l2cap/l2c_fcr.cc
patch
|
blob
|
history
diff --git
a/stack/l2cap/l2c_fcr.cc
b/stack/l2cap/l2c_fcr.cc
index
9c2742f
..
9030096
100644
(file)
--- a/
stack/l2cap/l2c_fcr.cc
+++ b/
stack/l2cap/l2c_fcr.cc
@@
-842,6
+842,14
@@
void l2c_lcc_proc_pdu(tL2C_CCB* p_ccb, BT_HDR* p_buf) {
return;
}
+ if (sdu_length < p_buf->len) {
+ L2CAP_TRACE_ERROR("%s: Invalid sdu_length: %d", __func__, sdu_length);
+ android_errorWriteWithInfoLog(0x534e4554, "112321180", -1, NULL, 0);
+ /* Discard the buffer */
+ osi_free(p_buf);
+ return;
+ }
+
p_data = (BT_HDR*)osi_malloc(L2CAP_MAX_BUF_SIZE);
if (p_data == NULL) {
osi_free(p_buf);