diff options
| author | Marie Janssen <jamuraa@google.com> | 2016-05-12 15:30:16 -0700 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-07-07 09:58:14 -0700 |
| commit | 945a2d6b3dc75b35afd3b7aefbd94bb1fc9710fc (patch) | |
| tree | 0d02f36297f32d50993507a4d95d3e2e312fb1c8 /btif/src/btif_hh.c | |
| parent | ef7a945bc1edd2300ebae0ac0d2134782189e402 (diff) | |
| download | android_system_bt-945a2d6b3dc75b35afd3b7aefbd94bb1fc9710fc.tar.gz android_system_bt-945a2d6b3dc75b35afd3b7aefbd94bb1fc9710fc.tar.bz2 android_system_bt-945a2d6b3dc75b35afd3b7aefbd94bb1fc9710fc.zip | |
DO NOT MERGE btif: check overflow on create_pbuf size
Bug: 27930580
Ticket: CYNGNOS-3020
Change-Id: Ieb1f23f9a8a937b21f7c5eca92da3b0b821400e6
(cherry picked from commit ad31ee0f0f03953064cc503314d5e39d687af50a)
Diffstat (limited to 'btif/src/btif_hh.c')
| -rw-r--r-- | btif/src/btif_hh.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/btif/src/btif_hh.c b/btif/src/btif_hh.c index 8188942b5..88e767a91 100644 --- a/btif/src/btif_hh.c +++ b/btif/src/btif_hh.c @@ -33,6 +33,8 @@ #define LOG_TAG "bt_btif_hh" +#include <cutils/log.h> + #include "bta_api.h" #include "bta_hh_api.h" #include "btif_storage.h" @@ -257,7 +259,12 @@ static void toggle_os_keylockstates(int fd, int changedlockstates) *******************************************************************************/ static BT_HDR *create_pbuf(UINT16 len, UINT8 *data) { - BT_HDR* p_buf = GKI_getbuf((UINT16) (len + BTA_HH_MIN_OFFSET + sizeof(BT_HDR))); + UINT16 buflen = (UINT16) (len + BTA_HH_MIN_OFFSET + sizeof(BT_HDR)); + if (buflen < len) { + android_errorWriteWithInfoLog(0x534e4554, "28672558", -1, NULL, 0); + return NULL; + } + BT_HDR* p_buf = GKI_getbuf(buflen); if (p_buf) { UINT8* pbuf_data; |