
Commit 714908ce authored by Chienyuan

Fix potential arithmetic overflow in btif_config_set_bin

Bug: 113572342
Test: manual
Change-Id: If9d375c2aa7e363f8a69df32aa7e423c8e0d130d
parent 6911fe60
+6 −0
@@ -413,6 +413,12 @@ bool btif_config_set_bin(const std::string& section, const std::string& key,

  if (length > 0) CHECK(value != NULL);

  size_t max_value = ((size_t)-1);
  if (((max_value - 1) / 2) < length) {
    LOG(ERROR) << __func__ << ": length too long";
    return false;
  }

  char* str = (char*)osi_calloc(length * 2 + 1);

  for (size_t i = 0; i < length; ++i) {
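
Review bot: In the new guard ahead of `osi_calloc(length * 2 + 1)`, `((size_t)-1)` should be spelled `SIZE_MAX` (or `std::numeric_limits<size_t>::max()`), and the condition would read more directly as `length > (SIZE_MAX - 1) / 2` with no intermediate `max_value` variable. The bound itself is right: `length * 2 + 1` wraps exactly when `length` exceeds `(max_value - 1) / 2`, so every length that passes the check yields an allocation size that fits in `size_t`. The `LOG(ERROR)` line only says "length too long"; including the rejected `length` together with `section` and `key` would make the failure traceable from logs. The commit lists only manual testing, so a unit test that calls `btif_config_set_bin` with a length above the bound and expects `false` would keep this check from regressing.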