From 14704578b2d634cfdaa3437637261fd7ac77d640 Mon Sep 17 00:00:00 2001
From: Ted Wang
Date: Sat, 19 Jan 2019 14:25:23 +0800
Subject: [PATCH] Fix OOB in sdp_disc_server_rsp
Bug: 79883568
Test: manual
Change-Id: I71cd2f220839018f5b92ad153c1e294b40b07a90
---
 stack/sdp/sdp_discovery.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/stack/sdp/sdp_discovery.cc b/stack/sdp/sdp_discovery.cc
index 51f8d6c1e..77cd4a7d6 100644
--- a/stack/sdp/sdp_discovery.cc
+++ b/stack/sdp/sdp_discovery.cc
@@ -230,6 +230,12 @@ void sdp_disc_server_rsp(tCONN_CB* p_ccb, BT_HDR* p_msg) {
 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
 uint8_t* p_end = p + p_msg->len;
+ if (p_msg->len < 1) {
+ android_errorWriteLog(0x534e4554, "79883568");
+ sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
+ return;
+ }
+
 BE_STREAM_TO_UINT8(rsp_pdu, p);
 p_msg->len--;
--
2.11.0
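Review bot: The added `if (p_msg->len < 1)` guard protects only the single PDU-id byte read by `BE_STREAM_TO_UINT8(rsp_pdu, p)`. The rest of `sdp_disc_server_rsp` lies outside this hunk, so it is worth confirming that every per-PDU handler called afterwards bounds its own reads against `p_end` rather than assuming a minimum payload. The guard also carries no explanation of the log call, and a comment above it would help, e.g. `// Empty response: no PDU id to read. Log a SafetyNet event (0x534e4554 == "SNET") and drop the link.`. The early `return` presumably leaves `p_msg` for the caller to free; that cannot be checked from the visible lines. With `Test: manual` as the only coverage, a unit or fuzz case feeding a zero-length response would keep this check from regressing.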