OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e08e28a
)
Fix OOB read in avrc_ctrl_pars_vendor_rsp
author
Hansong Zhang
<hsz@google.com>
Mon, 6 Aug 2018 21:40:37 +0000
(14:40 -0700)
committer
Ryan Longair
<rlongair@google.com>
Wed, 15 Aug 2018 20:28:38 +0000
(13:28 -0700)
Bug:
78526423
Test: manual
Change-Id: I0eeacc6a25b12f4b999098375d0d032cfa462a91
(cherry picked from commit
d945ada503ed9c9ea24e092df51faba57f5d589a
)
stack/avrc/avrc_pars_ct.cc
patch
|
blob
|
history
diff --git
a/stack/avrc/avrc_pars_ct.cc
b/stack/avrc/avrc_pars_ct.cc
index
4421c91
..
909274d
100644
(file)
--- a/
stack/avrc/avrc_pars_ct.cc
+++ b/
stack/avrc/avrc_pars_ct.cc
@@
-479,6
+479,11
@@
static tAVRC_STS avrc_ctrl_pars_vendor_rsp(tAVRC_MSG_VENDOR* p_msg,
break;
}
BE_STREAM_TO_UINT8(p_result->list_app_values.num_val, p);
+ if (p_result->list_app_values.num_val > AVRC_MAX_APP_ATTR_SIZE) {
+ android_errorWriteLog(0x534e4554, "78526423");
+ p_result->list_app_values.num_val = AVRC_MAX_APP_ATTR_SIZE;
+ }
+
AVRC_TRACE_DEBUG("%s value count = %d ", __func__,
p_result->list_app_values.num_val);
for (int xx = 0; xx < p_result->list_app_values.num_val; xx++) {
OSDN Git Service
