[automerger] Fix copy length calculation in sdp_copy_raw_data am: 1a0571a4ac am:...

author Android Build Merger (Role) <noreply-android-build-merger@google.com>

Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)

committer Android Build Merger (Role) <noreply-android-build-merger@google.com>

Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)
author Android Build Merger (Role) <noreply-android-build-merger@google.com>
Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)
committer Android Build Merger (Role) <noreply-android-build-merger@google.com>
Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)
diff --git a/stack/sdp/sdp_discovery.c b/stack/sdp/sdp_discovery.c

index f0728ec..9462a27 100644 (file)
--- a/stack/sdp/sdp_discovery.c
+++ b/stack/sdp/sdp_discovery.c
@@ -377,8 +377,15 @@ static void sdp_copy_raw_data (tCONN_CB *p_ccb, BOOLEAN offset)
  
          if(offset)
          {
+            cpy_len -= 1;
              type = *p++;
+            uint8_t* old_p = p;
              p = sdpu_get_len_from_type (p, type, &list_len);
+            if ((int)cpy_len < (p - old_p)) {
+                SDP_TRACE_WARNING("%s: no bytes left for data", __func__);
+                return;
+            }
+            cpy_len -= (p - old_p);
          }
          if(list_len < cpy_len )
          {
author	Android Build Merger (Role) <noreply-android-build-merger@google.com>
	Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)
committer	Android Build Merger (Role) <noreply-android-build-merger@google.com>
	Fri, 10 Aug 2018 07:04:30 +0000 (07:04 +0000)