Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 0a4fd201 authored by Brian Delwiche's avatar Brian Delwiche Committed by Android Build Coastguard Worker
Browse files

Fix type confusion in avdt_msg.cc 

It is possible for a malicious user to reply to a pending AVDT message
with the wrong type, leading to type confusion and an eventual OOB
access.

Add message type validation.

Bug: 273995284
Test: m libbluetooth
Ignore-AOSP-First: security
Tag: #security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:80c094a66067efc42837cb8da445de4c3f5b637f)
Merged-In: I87a0df92710658d6c27d9b63ee7813a0d45a301a
Change-Id: I87a0df92710658d6c27d9b63ee7813a0d45a301a
parent d33196b5
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment