Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 0859244c authored by Cheney Ni's avatar Cheney Ni
Browse files

AVDTP: Fix a potential overflow about the media payload offset 

This variable is uint16, and is possible to overflow when the length of
header extension is larger. Here we compare with the data length to
prevent any exceptions.

Bug: 142546355
Tag: #security
Test: A2DP sink playback
Ignore-AOSP-First: security vulnerabilities
Change-Id: Id13b1ebde8f603123c8b7a49922b2f1378ab788f
parent c0e17a80
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment