Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 243fdf1c authored by Brian Delwiche's avatar Brian Delwiche Committed by Android Build Coastguard Worker
Browse files

Add bounds checks in btif_avrcp_audio_track.cc 

Fuzz testing reveals that the transcodeQ*ToFloat family of functions are
not bounds checked, causing a potential OOB write.

Check these functions against bounds of the destination array.

Bug: 275895309
Test: atest bluetooth_test_gd_unit, net_test_stack_btm
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:46803ae95d63ee133eae83d885e7c051964dc8ed)
Merged-In: I7a13261429797769cf5b913912a30e249668ac93
Change-Id: I7a13261429797769cf5b913912a30e249668ac93
parent a218e5be
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment