Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 359bdee1 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix type confusion in avdt_msg.cc 

It is possible for a malicious user to reply to a pending AVDT message
with the wrong type, leading to type confusion and an eventual OOB
access.

Add message type validation.

Bug: 273995284
Test: m libbluetooth
Ignore-AOSP-First: security
Tag: #security
Merged-In: I87a0df92710658d6c27d9b63ee7813a0d45a301a
Merged-In: Iea207e7e5e3d469ccbc81f5abf945723cf7b60d3
Change-Id: I87a0df92710658d6c27d9b63ee7813a0d45a301a
parent bb4015e5
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment