Bug:
206128341
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security fix
Change-Id: I7cbb601e87259c08796731de44f2b2eaba1e2894
rem_len -= 4;
// Make sure we don't read past the remaining data even if the length says
// we can Also need to watch comparing the int16_t with the uint16_t
- value.len = std::min(rem_len, (int16_t)value.len);
+ value.len = std::min((uint16_t)rem_len, value.len);
STREAM_TO_ARRAY(value.value, p, value.len);
// Accounting
rem_len -= value.len;