diff options
| author | George Chang <georgekgchang@google.com> | 2019-07-09 15:46:28 +0800 |
|---|---|---|
| committer | Vasyl Gello <vasek.gello@gmail.com> | 2019-10-08 18:22:59 +0000 |
| commit | 9a99e10225d537226cc6390719aadf20eb3765bc (patch) | |
| tree | 65270cfe8e45a74c2c147e697563a409427c5145 | |
| parent | cd968cd729a207b3f1af2f12fbfa85f6c3af5c6c (diff) | |
| download | android_packages_apps_Nfc-cm-14.1.tar.gz android_packages_apps_Nfc-cm-14.1.tar.bz2 android_packages_apps_Nfc-cm-14.1.zip | |
[DO NOT MERGE]Prevent length underflow in NfcTag.cppcm-14.1
Bug: 124940143
Test: Read Type4B Tag
Merged-In: Ibdab756410bf55d701875279df3e289dbc9369d6
Change-Id: Ibdab756410bf55d701875279df3e289dbc9369d6
(cherry picked from commit 96a10332c8157a26f442e05ca52da8a2ec65cfc8)
| -rw-r--r--[-rwxr-xr-x] | nci/jni/NfcTag.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nci/jni/NfcTag.cpp b/nci/jni/NfcTag.cpp index c6e074bd..adc26197 100755..100644 --- a/nci/jni/NfcTag.cpp +++ b/nci/jni/NfcTag.cpp @@ -21,6 +21,7 @@ #include "NfcTag.h" #include "JavaClassConstants.h" #include "config.h" +#include <log/log.h> #include <ScopedLocalRef.h> #include <ScopedPrimitiveArray.h> @@ -741,7 +742,14 @@ void NfcTag::fillNativeNfcTagMembers3 (JNIEnv* e, jclass tag_cls, jobject tag, t *****************/ ALOGD ("%s: tech B; TARGET_TYPE_ISO14443_3B", fn); len = mTechParams [i].param.pb.sensb_res_len; - len = len - 4; //subtract 4 bytes for NFCID0 at byte 2 through 5 + if (len >= NFC_NFCID0_MAX_LEN) { + // subtract 4 bytes for NFCID0 at byte 2 through 5 + len = len - NFC_NFCID0_MAX_LEN; + } else { + android_errorWriteLog(0x534e4554, "124940143"); + ALOGE ("%s: sensb_res_len error", fn); + len = 0; + } pollBytes.reset(e->NewByteArray(len)); e->SetByteArrayRegion(pollBytes.get(), 0, len, (jbyte*) (mTechParams [i].param.pb.sensb_res+4)); } |