OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
750d38e
)
DO NOT MERGE Fix OOB read before buffer length check
author
Ugo Yu
<ugoyu@google.com>
Wed, 8 Aug 2018 06:46:42 +0000
(14:46 +0800)
committer
Ryan Longair
<rlongair@google.com>
Wed, 15 Aug 2018 20:24:59 +0000
(13:24 -0700)
Bug:
111936834
Test: manual
Change-Id: Ib98528fb62db0d724ebd9112d071e367f78e369d
(cherry picked from commit
4548f34c90803c6544f6bed03399f2eabeab2a8e
)
stack/smp/smp_act.cc
patch
|
blob
|
history
diff --git
a/stack/smp/smp_act.cc
b/stack/smp/smp_act.cc
index
2103776
..
59045be
100644
(file)
--- a/
stack/smp/smp_act.cc
+++ b/
stack/smp/smp_act.cc
@@
-725,13
+725,17
@@
void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
uint8_t reason = SMP_INVALID_PARAMETERS;
SMP_TRACE_DEBUG("%s", __func__);
- p_cb->status = *(uint8_t*)p_data;
if (smp_command_has_invalid_parameters(p_cb)) {
+ if (p_cb->rcvd_cmd_len < 2) { // 1 (opcode) + 1 (Notif Type) bytes
+ android_errorWriteLog(0x534e4554, "111936834");
+ }
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
+ p_cb->status = *(uint8_t*)p_data;
+
if (p != NULL) {
STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
} else {
OSDN Git Service
