Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5835791f authored by Chris Manton's avatar Chris Manton Committed by Automerger Merge Worker
Browse files

RESTRICT AUTOMERGE Security fix OOB read vuln stack/avrc/avrc_pars_tg am: 5e6d55a1 

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/14000988

Change-Id: I13d9c5f893ee2eb053b6e8261e967c4763b9c86c
parents ef609b4d 5e6d55a1

system/stack/avrc/avrc_pars_tg.cc

+7 −0
Original line number Diff line number Diff line
@@ -119,6 +119,13 @@ static tAVRC_STS avrc_pars_vendor_cmd(tAVRC_MSG_VENDOR* p_msg, 
  if (p_msg->vendor_len == 0) return AVRC_STS_NO_ERROR;

  if (p_msg->p_vendor_data == NULL) return AVRC_STS_INTERNAL_ERR;



  if (p_msg->vendor_len < 4) {

    android_errorWriteLog(0x534e4554, "168712382");

    AVRC_TRACE_WARNING("%s: message length %d too short: must be at least 4",

                       __func__, p_msg->vendor_len);

    return AVRC_STS_INTERNAL_ERR;

  }



  p = p_msg->p_vendor_data;

  p_result->pdu = *p++;

  AVRC_TRACE_DEBUG("%s pdu:0x%x", __func__, p_result->pdu);