diff options
| author | Jack Yu <jackcwyu@google.com> | 2020-03-05 16:15:29 +0800 |
|---|---|---|
| committer | Jack Yu <jackcwyu@google.com> | 2020-03-20 11:33:37 +0000 |
| commit | 6ece5eb6ee400b4b263ab9409b92527f21fb063a (patch) | |
| tree | 6d13efa39493cff37266f10700795a703947f58d | |
| parent | f384f95bfe983c90d6d549388bbc903ac8f50c3b (diff) | |
| download | android_hardware_nxp_nfc-6ece5eb6ee400b4b263ab9409b92527f21fb063a.tar.gz android_hardware_nxp_nfc-6ece5eb6ee400b4b263ab9409b92527f21fb063a.tar.bz2 android_hardware_nxp_nfc-6ece5eb6ee400b4b263ab9409b92527f21fb063a.zip | |
Prevent OOBR in NxpNfc::ioctl
Bug: 139736127
Test: nxp ioctl work
Change-Id: I693f6534ff93ccda9df063d126a24eaddc11856c
(cherry picked from commit 5235b50bae57631d64a9f38627c38a2b1d786519)
| -rwxr-xr-x | extns/impl/NxpNfc.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/extns/impl/NxpNfc.cpp b/extns/impl/NxpNfc.cpp index 955499f..3aab2a9 100755 --- a/extns/impl/NxpNfc.cpp +++ b/extns/impl/NxpNfc.cpp @@ -38,6 +38,10 @@ Return<void> NxpNfc::ioctl(uint64_t ioctlType, nfc_nci_IoctlInOutData_t* pInOutData = (nfc_nci_IoctlInOutData_t*)&inOutData[0]; + if (inOutData.size() < sizeof (nfc_nci_IoctlInOutData_t)) { + ALOGE("%s invalid inOutData size, size = %d", __func__, (int)inOutData.size()); + return Void(); + } /*data from proxy->stub is copied to local data which can be updated by * underlying HAL implementation since its an inout argument*/ memcpy(&inpOutData, pInOutData, sizeof(nfc_nci_IoctlInOutData_t)); |