DO NOT MERGE Prevent stack overflow in btif_storagereplicant-6.0-0004-rc1

Bug: 73963551 Test: manual Change-Id: I5f7a583aad150ebf9e3d492181d80ca935c8aa3f (cherry picked from commit e8d311224277e9db5dc94cb94929125992f546f3)
author: Hansong Zhang <hsz@google.com> 2018-04-26 15:50:53 -0700
committer: Tim Schumacher <timschumi@gmx.de> 2018-07-16 21:06:43 +0200
commit: d393eee00564289065a4a267af60033b5bdf293e (patch)
tree: 0051dfb4c74a979c05ade095157a641089b23af5
parent: 564dece781bbcc17efb5c72834d92414477e14bb (diff)
download: android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.tar.gz
android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.tar.bz2
android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/btif/src/btif_storage.c b/btif/src/btif_storage.c
index 4dfe27625..451f5da74 100644
--- a/btif/src/btif_storage.c
+++ b/btif/src/btif_storage.c
@@ -295,6 +295,10 @@ static int prop2cfg(bt_bdaddr_t *remote_bd_addr, bt_property_t *prop)
                 bt_uuid_t *p_uuid = (bt_uuid_t*)prop->val + i;
                 memset(buf, 0, sizeof(buf));
                 uuid_to_string_legacy(p_uuid, buf);
+                if (strlen(value) + strlen(buf) + 1 > (int) sizeof(value) - 1) {
+                    android_errorWriteLog(0x534e4554, "73963551");
+                    return false;
+                }
                 strlcat(value, buf, size);
                 //strcat(value, ";");
                 strlcat(value, " ", size);
author	Hansong Zhang <hsz@google.com>	2018-04-26 15:50:53 -0700
committer	Tim Schumacher <timschumi@gmx.de>	2018-07-16 21:06:43 +0200
commit	d393eee00564289065a4a267af60033b5bdf293e (patch)
tree	0051dfb4c74a979c05ade095157a641089b23af5
parent	564dece781bbcc17efb5c72834d92414477e14bb (diff)
download	android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.tar.gz android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.tar.bz2 android_system_bt-d393eee00564289065a4a267af60033b5bdf293e.zip