diff options
| -rw-r--r-- | stack/hid/hidh_conn.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/stack/hid/hidh_conn.c b/stack/hid/hidh_conn.c index 3e9a5c423..f41650554 100644 --- a/stack/hid/hidh_conn.c +++ b/stack/hid/hidh_conn.c @@ -43,6 +43,8 @@ #include "hidh_int.h" #include "bt_utils.h" +#include "log/log.h" + #include "device/include/interop.h" static UINT8 find_conn_by_cid (UINT16 cid); @@ -848,6 +850,13 @@ static void hidh_l2cif_data_ind (UINT16 l2cap_cid, BT_HDR *p_msg) return; } + if (p_msg->len < 1) { + HIDH_TRACE_WARNING("Rcvd L2CAP data, invalid length %d, should be >= 1", + p_msg->len); + GKI_freebuf(p_msg); + android_errorWriteLog(0x534e4554, "80493272"); + return; + } ttype = HID_GET_TRANS_FROM_HDR(*p_data); param = HID_GET_PARAM_FROM_HDR(*p_data); |