Prevent Out of bound error in phNxpNciHal_process_ext_rspandroid-security-9.0.0_r72android-security-9.0.0_r71android-security-9.0.0_r70android-security-9.0.0_r69android-security-9.0.0_r68android-security-9.0.0_r67android-security-9.0.0_r66android-security-9.0.0_r65android-security-9.0.0_r64android-security-9.0.0_r63android-security-9.0.0_r62android-9.0.0_r61android-9.0.0_r60android-9.0.0_r59android-9.0.0_r58android-9.0.0_r57android-9.0.0_r56android-9.0.0_r55android-9.0.0_r54android-9.0.0_r53android-9.0.0_r52android-9.0.0_r51android-9.0.0_r50android-9.0.0_r49android-9.0.0_r48security-pi-releasepie-security-release

Bug: 118152591
Test: Nfc Enable/Disable, R/W, P2P
Merged-In: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
Change-Id: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
(cherry picked from commit 210180d4eb8971f74aa17d1677e97a342c29c7b1)

1 files changed, 11 insertions, 2 deletions

diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index 646a07b..bc3f7ec 100755
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -12,8 +12,8 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- */#include <log/log.h>
-
+ */
+#include <log/log.h>
 #include <phDal4Nfc_messageQueueLib.h>
 #include <phNxpConfig.h>
 #include <phNxpLog.h>
@@ -98,6 +98,15 @@ void phNxpNciHal_ext_init(void) {
 NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
   NFCSTATUS status = NFCSTATUS_SUCCESS;
 
+  if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && *p_len < 14) {
+    if(*p_len <= 6) {
+      android_errorWriteLog(0x534e4554, "118152591");
+    }
+    NXPLOG_NCIHAL_E("RF_INTF_ACTIVATED_NTF length error!");
+    status = NFCSTATUS_FAILED;
+    return status;
+  }
+
   if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && p_ntf[4] == 0x03 &&
       p_ntf[5] == 0x05 && nxpprofile_ctrl.profile_type == EMV_CO_PROFILE) {
     p_ntf[4] = 0xFF;