Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e5ab6c61 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix OOB write in build_read_multi_rsp of gatt_sr.cc 

build_read_multi_rsp is missing a bounds check, which can lead to an
OOB write when the mtu parameter is set to zero.

Add that bounds check.

Bug: 323850943
Test: atest GattSrTest
Test: researcher POC
Tag: #security
Flag: EXEMPT trivial validity checks
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cad927034a371b82a4a07a16ec442eb261f6153f)
Merged-In: I18e4325dbc9d6814220332288c85b114d0415c2f
Change-Id: I18e4325dbc9d6814220332288c85b114d0415c2f
parent d477f5ed
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment