From 5652d3d173589244a5deeb62e1091bea61a32497 Mon Sep 17 00:00:00 2001
From: Ningyuan Wang <nywang@google.com>
Date: Tue, 11 Oct 2016 11:42:12 -0700
Subject: resolve merge conflicts of 849c5c7 to mnc-dev

merge into mmr3
This resovles the merge conflict for ag/1514448/
After Android M, this function uses num_bssid instead of num_ap.
Both are prone to stack overflow attacks.

Bug: 31856351
Test: compile, unit tests, manual test
Change-Id: Ied24e6a7ee3047a5319bcca77a0f0f94889b6ca1
---
 service/jni/com_android_server_wifi_WifiNative.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/service/jni/com_android_server_wifi_WifiNative.cpp b/service/jni/com_android_server_wifi_WifiNative.cpp
index a15377308..a387a0c1f 100644
--- a/service/jni/com_android_server_wifi_WifiNative.cpp
+++ b/service/jni/com_android_server_wifi_WifiNative.cpp
@@ -899,15 +899,15 @@ static jboolean android_net_wifi_setHotlist(
         return false;
     }
 
-    if (params.num_ap >
+    if (params.num_bssid >
             static_cast<int>(sizeof(params.ap) / sizeof(params.ap[0]))) {
         ALOGE("setHotlist array length is too long");
         android_errorWriteLog(0x534e4554, "31856351");
         return false;
     }
 
-    for (int i = 0; i < params.num_ap; i++) {
-        jobject objAp = env->GetObjectArrayElement(array, i);
+    for (int i = 0; i < params.num_bssid; i++) {
+        JNIObject<jobject> objAp = helper.getObjectArrayElement(array, i);
 
         JNIObject<jstring> macAddrString = helper.getStringField(objAp, "bssid");
         if (macAddrString == NULL) {
-- 
cgit v1.2.3