summaryrefslogtreecommitdiff
path: root/nci
diff options
context:
space:
mode:
authorandroid-build-team Robot <android-build-team-robot@google.com>2021-05-20 00:04:25 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2021-05-20 00:04:25 +0000
commit84f2c38685ddbfec579c3fe7e92c940c89e03941 (patch)
tree58fcc58164a5559aec7c0ee47064e2a612f2bbb2 /nci
parent7429a288922ba9e7e6bdefdb97387061ee6f21cf (diff)
parent93068b048d0cab72805ec7dd2020b433c82e5f45 (diff)
downloadNfc-84f2c38685ddbfec579c3fe7e92c940c89e03941.tar.gz
Merge cherrypicks of [14651914, 14651880, 14651759, 14652210, 14651594, 14651881, 14651915, 14651882, 14651883, 14651799, 14652154, 14651595, 14651760, 14652271, 14652272, 14652273, 14652056, 14651800, 14651801, 14651802, 14651884, 14651885, 14651886, 14652274, 14652275, 14652276, 14652277, 14652278, 14651894, 14651723, 14652211, 14651895, 14651916, 14651887, 14651888, 14651596, 14651889, 14652212, 14651761, 14652310, 14652311, 14651973, 14651974, 14652312, 14652313, 14651896, 14651803] into rvc-qpr3-releaseandroid-11.0.0_r40android-11.0.0_r39android11-qpr3-s1-release
Change-Id: I5355520165a55fbe0381ed6ab1923f65ad46a3b1
Diffstat (limited to 'nci')
-rw-r--r--nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
index 81ac416c..3ddc2ca8 100644
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
@@ -1132,6 +1132,10 @@ static NFCSTATUS phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
NdefMap->State == PH_FRINFC_NDEFMAP_STATE_WRITE ||
NdefMap->State == PH_FRINFC_NDEFMAP_STATE_WR_NDEF_LEN ||
NdefMap->State == PH_FRINFC_NDEFMAP_STATE_INIT)) {
+ if (2 > RspBuffInfo->wLen) {
+ android_errorWriteLog(0x534e4554, "181346550");
+ return NFCSTATUS_FAILED;
+ }
uint8_t rspAck = RspBuffInfo->pBuff[RspBuffInfo->wLen - 2];
uint8_t rspAckMask = ((RspBuffInfo->pBuff[RspBuffInfo->wLen - 1]) &
MAX_NUM_VALID_BITS_FOR_ACK);
@@ -1145,6 +1149,11 @@ static NFCSTATUS phNciNfc_RecvMfResp(phNciNfc_Buff_t* RspBuffInfo,
status = NFCSTATUS_SUCCESS;
uint16_t wRecvDataSz = 0;
+ if ((PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE) >
+ RspBuffInfo->wLen) {
+ android_errorWriteLog(0x534e4554, "181346550");
+ return NFCSTATUS_FAILED;
+ }
/* DataLen = TotalRecvdLen - (sizeof(RspId) + sizeof(Status)) */
wPldDataSize = ((RspBuffInfo->wLen) -
(PHNCINFC_EXTNID_SIZE + PHNCINFC_EXTNSTATUS_SIZE));
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 07:12:52 +0000