
Commit 934ebe41 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "HID Device: Fix OOB in register_app" into pi-dev

parents 89ad31f7 e191fc38
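--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -27,6 +27,7 @@
 
 #if defined(BTA_HD_INCLUDED) && (BTA_HD_INCLUDED == TRUE)
 
+#include <log/log.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -124,6 +125,10 @@ extern void BTA_HdRegisterApp(tBTA_HD_APP_INFO* p_app_info,
 
   p_buf->subclass = p_app_info->subclass;
 
+  if (p_app_info->descriptor.dl_len > BTA_HD_APP_DESCRIPTOR_LEN) {
+    p_app_info->descriptor.dl_len = BTA_HD_APP_DESCRIPTOR_LEN;
+    android_errorWriteLog(0x534e4554, "113111784");
+  }
   p_buf->d_len = p_app_info->descriptor.dl_len;
   memcpy(p_buf->d_data, p_app_info->descriptor.dsc_list,
          p_app_info->descriptor.dl_len);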
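Review bot: The clamp added before the `memcpy` in BTA_HdRegisterApp truncates an oversized descriptor and writes the reduced length back into the caller's `p_app_info->descriptor.dl_len`, so registration proceeds with a cut-off descriptor and the input struct is silently modified. Since the function returns void, the safer place to refuse the request is the caller, which could compare the requested length with `BTA_HD_APP_DESCRIPTOR_LEN` and return an error status before this point; here a local copy of the length would avoid touching the input. The hunk does not show the declaration of `p_buf->d_data`, so a comment such as `/* d_data holds at most BTA_HD_APP_DESCRIPTOR_LEN bytes */` above the check would record the bound the clamp relies on (assuming that is the array size). The function body begins and ends outside the hunk.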
+15 −9
@@ -25,15 +25,16 @@
 *
 *
 *
 *
 ***********************************************************************************/
 ***********************************************************************************/
#define LOG_TAG "BTIF_HD"

#include <errno.h>
#include <errno.h>
#include <hardware/bluetooth.h>
#include <hardware/bluetooth.h>
#include <hardware/bt_hd.h>
#include <hardware/bt_hd.h>
#include <log/log.h>
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>


#define LOG_TAG "BTIF_HD"

#include "bta_api.h"
#include "bta_api.h"
#include "bta_hd_api.h"
#include "bta_hd_api.h"
#include "bta_hh_api.h"
#include "bta_hh_api.h"
@@ -399,13 +400,18 @@ static bt_status_t register_app(bthd_app_param_t* p_app_param,
    return BT_STATUS_BUSY;
    return BT_STATUS_BUSY;
  }
  }


  app_info.p_name = (char*)osi_malloc(BTIF_HD_APP_NAME_LEN);
  if (strlen(p_app_param->name) >= BTIF_HD_APP_NAME_LEN ||
  memcpy(app_info.p_name, p_app_param->name, BTIF_HD_APP_NAME_LEN);
      strlen(p_app_param->description) >= BTIF_HD_APP_DESCRIPTION_LEN ||
  app_info.p_description = (char*)osi_malloc(BTIF_HD_APP_DESCRIPTION_LEN);
      strlen(p_app_param->provider) >= BTIF_HD_APP_PROVIDER_LEN) {
  memcpy(app_info.p_description, p_app_param->description,
    android_errorWriteLog(0x534e4554, "113037220");
  }
  app_info.p_name = (char*)osi_calloc(BTIF_HD_APP_NAME_LEN);
  strlcpy(app_info.p_name, p_app_param->name, BTIF_HD_APP_NAME_LEN);
  app_info.p_description = (char*)osi_calloc(BTIF_HD_APP_DESCRIPTION_LEN);
  strlcpy(app_info.p_description, p_app_param->description,
          BTIF_HD_APP_DESCRIPTION_LEN);
          BTIF_HD_APP_DESCRIPTION_LEN);
  app_info.p_provider = (char*)osi_malloc(BTIF_HD_APP_PROVIDER_LEN);
  app_info.p_provider = (char*)osi_calloc(BTIF_HD_APP_PROVIDER_LEN);
  memcpy(app_info.p_provider, p_app_param->provider, BTIF_HD_APP_PROVIDER_LEN);
  strlcpy(app_info.p_provider, p_app_param->provider, BTIF_HD_APP_PROVIDER_LEN);
  app_info.subclass = p_app_param->subclass;
  app_info.subclass = p_app_param->subclass;
  app_info.descriptor.dl_len = p_app_param->desc_list_len;
  app_info.descriptor.dl_len = p_app_param->desc_list_len;
  app_info.descriptor.dsc_list =
  app_info.descriptor.dsc_list =