OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
0c0435b
)
DO NOT MERGE Fix OOB read in process_l2cap_cmd
author
Hansong Zhang
<hsz@google.com>
Thu, 12 Jul 2018 18:00:53 +0000
(11:00 -0700)
committer
Max Spector
<mspector@google.com>
Fri, 20 Jul 2018 20:53:34 +0000
(13:53 -0700)
Test: manual
Bug:
79488381
Change-Id: I723866ed40d3647fed99875f659bb95df96a6969
(cherry picked from commit
55afdafb272737a54bc629dbe4fdd4111ebb08f5
)
stack/l2cap/l2c_main.c
patch
|
blob
|
history
diff --git
a/stack/l2cap/l2c_main.c
b/stack/l2cap/l2c_main.c
index
05e9cd9
..
818060b
100644
(file)
--- a/
stack/l2cap/l2c_main.c
+++ b/
stack/l2cap/l2c_main.c
@@
-562,6
+562,10
@@
static void process_l2cap_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len)
/* sanity check option length */
if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= cmd_len)
{
+ if (p + cfg_len > p_next_cmd) {
+ android_errorWriteLog(0x534e4554, "79488381");
+ return;
+ }
p += cfg_len;
if ((cfg_code & 0x80) == 0)
{
OSDN Git Service
