OSDN Git Service
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:38 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0 skipped:
84ba34d57a
Change-Id: I73f54778128ee9bf1ed46c55bbd545b29ed2dc54
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:36 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c am:
90265d4ee0
Change-Id: I080739b77c52af5ff54bfc4e8a20cf8fd52b235b
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:35 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2 am:
a244a4072c
Change-Id: Ic43337c91c1cdcb9eaea22311cd7205dc05dcfa2
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:33 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce am:
059e3c77e2
Change-Id: I96de72b97a23eebad116c98899f59f399614cff7
Android Build Merger (Role) [Tue, 22 Jan 2019 21:47:32 +0000 (21:47 +0000)]
[automerger] DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed am:
74c6d501ce
Change-Id: Iad8449f422afb55305d3f1f2a148a4122c49c7d8
Hansong Zhang [Tue, 22 Jan 2019 21:46:47 +0000 (13:46 -0800)]
DO NOT MERGE btm_proc_smp_cback: Don't access p_dev_rec if freed
In btm_proc_smp_cback(), return after p_dev_rec is freed in the middle
to prevent use after free
Bug:
120612744
Test: Use ASAN build; connect to a LE device and wait for timeout
Change-Id: I09aa1cf1d1c835146b62d0f4989aeedfb885d95b
TreeHugger Robot [Mon, 7 Jan 2019 22:33:36 +0000 (22:33 +0000)]
Merge "DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu" into oc-dev
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:29 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0 skipped:
dff13d810c
Change-Id: I92b4d78f5b6a53c863e7ec6d91b4cc32982258f8
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:28 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88 am:
2ebe3d52b0
Change-Id: I0cbec621cadfaaf9142d427b52a17cd9db3cd08a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:27 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31 am:
097ecf3d88
Change-Id: I9fd0733ff10442ca2050e440b954a9cb2f574c1a
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:26 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508 am:
85b4574a31
Change-Id: I40ce009c5868fde902bc29a0af1b62c89f02f158
Android Build Merger (Role) [Sun, 6 Jan 2019 21:36:24 +0000 (21:36 +0000)]
[automerger] DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu am:
c1fcbd5508
Change-Id: I5812786ed1ac013a273e300c1ddbe3fd26857543
Stanley Tng [Tue, 11 Dec 2018 22:45:13 +0000 (14:45 -0800)]
DO NOT MERGE A security fix to check buffer length in l2c_lcc_proc_pdu
Add check to make sure that data buffer is big enough to read the 2
bytes for length.
Also, fix a regression from the previous CL that checks the buffer length
before doing a memcpy. The previous check is too strict causing valid
sized buffers to be rejected. The length check is incorrect and off by the header size.
Bug:
120665616
Test: Run the SL4A Test for LE CoC, BleCoCTest
Merged-In: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
Change-Id: I30b7a8af11d3a5f974cb39e06b0e3463bebc8e9a
(cherry picked from commit
fcb1994de1f6ee34b8dc6804a2b32e20bf138073)
(cherry picked from commit
1f1d8b97d80d25023c4c7b04d2aa18d367f4158d)
(cherry picked from commit
6b2739f309f7719086eb8201b3e1a35ba60035f4)
Ugo Yu [Tue, 13 Nov 2018 12:03:28 +0000 (20:03 +0800)]
Add OOB check in avrc_pars_browse_rsp
Bug:
111451066
Test: Manully
Change-Id: I068d218b8957bb8f053148d252a9119a8def28cc
Android Build Merger (Role) [Thu, 29 Nov 2018 11:52:36 +0000 (11:52 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96 skipped:
89e9bbb83c
Change-Id: Ia431ddd5ad1d6ee86bd6edd1057372b8dbf51d3b
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:42 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5 am:
c75667da96
Change-Id: I0e5f1348f27f0d9981f99cc0897f9dcc9f443bf3
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:39 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f am:
98ced409a5
Change-Id: I258a6e883061d68b24b30e17e03f72d2000e5f3f
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:37 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904 am:
12d8535d0f
Change-Id: I22ea297e564616790fd7e916747cdcea25d2b068
Android Build Merger (Role) [Thu, 29 Nov 2018 11:51:34 +0000 (11:51 +0000)]
[automerger] Fix buffer overflow in btif_dm_data_copy am:
d117975904
Change-Id: Icbd5b31039dbf3016575f9d6d69b216d76564c96
Jakub Pawlowski [Tue, 27 Nov 2018 16:59:57 +0000 (17:59 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Jakub Pawlowski [Tue, 27 Nov 2018 17:22:22 +0000 (18:22 +0100)]
Fix buffer overflow in btif_dm_data_copy
When we use a union, we should always define variables as the union type,
not as one of the field subtypes. If the latter is cast to the union type,
buffer overflow can happen.
Bug:
110166268
Test: compilation
Change-Id: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Merged-In: I473c03b099ad5a326e7a3739f65efd33cf4775bd
Android Build Merger (Role) [Tue, 27 Nov 2018 20:09:16 +0000 (20:09 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999 skipped:
2470706409
Change-Id: Id4bfbba911ecb95c728e1daba294fefc9d1de4ce
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:48 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65 am:
12557bb999
Change-Id: I1ecbacc502b14733b0f4bd11b057763506b1fd95
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:45 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071 am:
3f5af0aa65
Change-Id: I98ae5ab9e24acd447c0c72835067db0bc7430371
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:42 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c am:
a236f16071
Change-Id: I8615cedf8b9192c46506c54934229089021fe101
Android Build Merger (Role) [Tue, 27 Nov 2018 16:47:40 +0000 (16:47 +0000)]
[automerger] Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm am:
78508d2c2c
Change-Id: If8da202c56ee7deeb7aba67f59b19ef28466f6ae
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Merged-In: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Jakub Pawlowski [Tue, 20 Nov 2018 21:31:31 +0000 (22:31 +0100)]
Fix potential usage of freed memory in btif_hl_proc_sdp_query_cfm
Bug:
116222069
Test: compilation
Change-Id: Iebe2c500dfc2806ca321fdcd170e20c680619d4d
Cheney Ni [Thu, 8 Nov 2018 18:56:07 +0000 (18:56 +0000)]
Revert "Fix OOB in avrc_pars_browse_rsp"
This reverts commit
32a33dc12d4a9b21306510a98bcd039ca3be1dd3.
Reason for revert: regression issue found.
Change-Id: I48db0b0313477e1f3b6fe97cd4d540dfe16f3963
Bug:
111451066
TreeHugger Robot [Mon, 5 Nov 2018 21:32:27 +0000 (21:32 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into oc-dev
TreeHugger Robot [Mon, 5 Nov 2018 19:06:20 +0000 (19:06 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into oc-dev
Hansong Zhang [Mon, 5 Nov 2018 18:03:36 +0000 (18:03 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-dev
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:29 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c skipped:
9c2fb57cee
Change-Id: I9bb69caded703f74c79189f0cf78069e1fab9ca5
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:28 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89 skipped:
c96313fb2c
Change-Id: I29b39b9cd2b0390289b525bf50ce4080b4a9557a
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:27 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a skipped:
f9606e1d89
Change-Id: Iee0814f1ed5a5decc214abad4721a84825cd53b1
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:26 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1 skipped:
9805ed7a7a
Change-Id: I5977408e04b4479c9aa2b5d16a03e18d7e9deced
Android Build Merger (Role) [Mon, 5 Nov 2018 18:01:25 +0000 (18:01 +0000)]
[automerger skipped] DO NOT MERGE HFP: Check AT command buffer boundary during parsing skipped:
163dec2ae1
Change-Id: I406dd66fa46d18b70d48faedf810d6a3ddbe3fbc
TreeHugger Robot [Mon, 5 Nov 2018 17:16:37 +0000 (17:16 +0000)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into oc-dev
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge "DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act" into nyc-dev
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
TreeHugger Robot [Mon, 5 Nov 2018 17:16:34 +0000 (17:16 +0000)]
Merge changes from topic "am-
154171ba-0805-48c6-88cf-
c592ee3cf37c" into oc-dev
* changes:
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef skipped:
0ea657053e
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Chienyuan [Thu, 11 Oct 2018 01:47:46 +0000 (09:47 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
Merged-In: I6bbbc2ba29ad025c7d3ba023d8191af6a11c4aa9
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into cw-f-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge "DO NOT MERGE HFP: Check AT command buffer boundary during parsing" into nyc-mr1-dev
TreeHugger Robot [Sat, 3 Nov 2018 00:37:33 +0000 (00:37 +0000)]
Merge changes from topic "Check-AT-command-buffer-boundary-during-parsing" into oc-dev
* changes:
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863 skipped:
04ade0fdc0
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
Bug:
115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Merged-In: Ib642f79ed22b65ede5ff786cb1e163d172480f11
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge "DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:47:59 +0000 (22:47 +0000)]
Merge changes from topic "am-
3290ac2a-4a57-4151-aaf8-
9695d2ed6348" into oc-dev
* changes:
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119 skipped:
fc00aa02bf
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
TreeHugger Robot [Fri, 2 Nov 2018 22:44:07 +0000 (22:44 +0000)]
Merge "DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp" into oc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge "DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp" into nyc-dev
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-dr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-mr2-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into cw-f-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into nyc-mr1-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
TreeHugger Robot [Fri, 2 Nov 2018 22:43:43 +0000 (22:43 +0000)]
Merge changes from topic "am-
a8794701-2d32-4392-bf6f-
9d00a3751e39" into oc-dev
* changes:
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df skipped:
a3dbdeece2
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
Merged-In: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:06 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863 skipped:
04ade0fdc0
Change-Id: Ibc39203eb7fa7c245d29013126e47c4638fd3c6b
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:05 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f am:
289b3fa863
Change-Id: I3510b09b67948fa640b028df8346077dc87ead51
Android Build Merger (Role) [Fri, 2 Nov 2018 22:10:04 +0000 (22:10 +0000)]
[automerger] DO NOT MERGE HFP: Check AT command buffer boundary during parsing am:
aea10aec7f
Change-Id: I15e13d82ec8f1aea4236044762e96e704f4275b2
Chienyuan [Thu, 11 Oct 2018 02:36:57 +0000 (10:36 +0800)]
DO NOT MERGE HFP: Check AT command buffer boundary during parsing
* add p_end parameter to tBTA_AG_AT_CMD_CBACK, bta_ag_at_hsp_cback
and bta_ag_at_hfp_cback to indicate effective data range of p_arg
* add checks for buffer copy overflow in bta_ag_at_hsp_cback and
bta_ag_at_hfp_cback
* add packet legnth checks with p_end in bta_ag_parse_cmer
* add packet length checks with p_end in bta_ag_parse_bac
Bug:
112860487
Test: manual
Change-Id: Idbfa2b8bd4c1a0aeeacfe34349851b3bc8de7c69
(cherry picked from commit
5b1ef1038e3f4e4371c3d6718bf0f684be65eb2b)
TreeHugger Robot [Fri, 2 Nov 2018 04:17:54 +0000 (04:17 +0000)]
Merge "DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data" into oc-dev
Ugo Yu [Mon, 29 Oct 2018 16:47:04 +0000 (00:47 +0800)]
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Bug:
111450156
Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
Merged-In: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit
b0125caafec2183d73fc899ce5a8aee43a6e54af)
TreeHugger Robot [Thu, 1 Nov 2018 18:04:03 +0000 (18:04 +0000)]
Merge changes from topic "am-
6595535a-66ae-4551-9774-
048441013dbf" into oc-dev
* changes:
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5 skipped:
36f3c8f9f3
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:20 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119 skipped:
fc00aa02bf
Change-Id: I87a68dddfe4ef9a286300ba0544215150f047154
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:18 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3 am:
e50ffa7119
Change-Id: Idb717d5895c454b7e7661c67a5aef275df7634e3
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:17 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43 am:
07b95830b3
Change-Id: Ia5f3a475f290c5ebb76dd0256410cde567bb1e27
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:16 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501 am:
4494b9be43
Change-Id: Ie42e3bd1a03ef61a7229ffa5d099127ee8048d2a
Android Build Merger (Role) [Thu, 1 Nov 2018 16:37:14 +0000 (16:37 +0000)]
[automerger] DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr am:
2091fe7501
Change-Id: I4bdd3180984cb58b839a4d0625dfb37cb5a4e405
Myles Watson [Thu, 25 Oct 2018 00:05:12 +0000 (17:05 -0700)]
DO NOT MERGE: SDP: Check p_end in save_attr_seq and add_attr
Bug:
115900043
Test: Sanity pairing and SDP PTS
Change-Id: Ib642f79ed22b65ede5ff786cb1e163d172480f11
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:15 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df skipped:
a3dbdeece2
Change-Id: I5e93b174e09bd4f1c143c90d9d0808aaa21ae6b2
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:14 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa am:
0f2de3c3df
Change-Id: I67e7de8e0560eb3d2bfd6b83c8318cf27235188b
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:13 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3 am:
3f5160f5aa
Change-Id: If1797511d46c172bac21c48b241beb6349d96367
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:12 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e am:
c1f3afedf3
Change-Id: I63664999ef4f512592a940d5bbeb8c64a7b31aff
Android Build Merger (Role) [Thu, 1 Nov 2018 16:20:11 +0000 (16:20 +0000)]
[automerger] DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp am:
840f70ca1e
Change-Id: Id89a5a5ac1a23b5d657bfe33bcc881f76746fac6
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Bug:
116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
Myles Watson [Thu, 25 Oct 2018 22:27:03 +0000 (15:27 -0700)]
DO NOT MERGE: MCAP: Check response length in mca_ccb_hdl_rsp
Bug:
116319076
Test: Send a short MCAP response
Change-Id: I0452f7d2c0f4ecccc7a6501773e26b403b116179
Myles Watson [Thu, 25 Oct 2018 21:33:33 +0000 (14:33 -0700)]
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Bug:
116108738
Test: send a malformed GET_IDLE command with no parameters
Change-Id: Ic57e748a06ea6d4fc16868310d3423ee71a7ac8c
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:51 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef skipped:
0ea657053e
Change-Id: Ie48855e26a95d62c332c5f1689d0f90841c14bd9
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:50 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c am:
d474c386ef
Change-Id: Ife89de3734feaaa11ca9a1f8ebabf26cf57e66cf
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:49 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8 am:
13e8d7ad1c
Change-Id: I527b11967c2a207702e570914b07c219dcdcd12c
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:48 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981 am:
9172befdc8
Change-Id: I137bcb668670c62a0970af340eaaea7e1e69d614
Android Build Merger (Role) [Thu, 1 Nov 2018 15:56:47 +0000 (15:56 +0000)]
[automerger] DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act am:
a4a11e1981
Change-Id: I72ddadf35350b72a755d92be554a638d6ed476aa
Myles Watson [Thu, 25 Oct 2018 21:33:33 +0000 (14:33 -0700)]
DO NOT MERGE: HH: Check parameter length in bta_hh_ctrl_dat_act
Bug:
116108738
Test: send a malformed GET_IDLE command with no parameters
Change-Id: Ic57e748a06ea6d4fc16868310d3423ee71a7ac8c
Ugo Yu [Fri, 26 Oct 2018 10:15:17 +0000 (18:15 +0800)]
Fix OOB in avrc_pars_browse_rsp
- Check packet length before assign bytes to the pointer.
Bug:
111451066
Test: PoC test
Change-Id: I8ce4f4678a043fc16b0beeea2345253e7542b506
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:12 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5 skipped:
36f3c8f9f3
Change-Id: I05388dfce317c96f54d793e15c5aeb648d0dbb95
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:09 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987 am:
6055cb79e5
Change-Id: Ie32fce429a36bbd531929e0a2baaf64814e62f03
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:06 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb am:
bf3c65e987
Change-Id: If43dc850794289bec31c7a3d5853bb49f5571703
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:03 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340 am:
8ee587afbb
Change-Id: Id0a40d0a6138e05b9038a09751a53a3f6deef786
Android Build Merger (Role) [Wed, 31 Oct 2018 23:35:00 +0000 (23:35 +0000)]
[automerger] DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data am:
ad4098c340
Change-Id: I43e5409e91d531854545e2d9ed10389f8f10db01
Ugo Yu [Mon, 29 Oct 2018 17:57:06 +0000 (01:57 +0800)]
DO NOT MERGE: Fix possible OOB when AVDT data channel recive ACL data
Bug:
111450156
Change-Id: Id23eeedcb7bde5866cd53a2f7f1c30f27c5352f6
(cherry picked from commit
b0125caafec2183d73fc899ce5a8aee43a6e54af)
Android Build Merger (Role) [Fri, 12 Oct 2018 06:34:07 +0000 (06:34 +0000)]
[automerger] Fix possible OOB read in process_service_search_rsp am:
b6fa6e4fff am:
8c06d18eea am:
dd2fbd1c21 am:
ea12ddddf5 skipped:
3d2f54aa0f
Change-Id: I694383e8c553b788926656c2ae03e8a3ca37b0ea