authorAjay Panicker <apanicke@google.com>2018-02-02 01:26:34 -0800
committerandroid-build-team Robot <android-build-team-robot@google.com>2018-02-26 23:52:46 +0000
commitacb8b710a1fffd282519c297f11b5a52f86be672 (patch)
tree879194ec04c0c86e7291878232af22e027241516
parent2c3a82a0d8dcf3f1692c01e1f44f7f62d48aacc7 (diff)
AVRCP: Initialize buffer for attribute values to be written to
Test: Build Bug: 71603553 Change-Id: I978270605cfaa3b833d6c19f1b1d2cd5a82ac079 (cherry picked from commit e36d6f8edceed860929901b6c49c1964a1ac563f)
-rw-r--r--stack/avrc/avrc_pars_ct.cc13
1 files changed, 9 insertions, 4 deletions
diff --git a/stack/avrc/avrc_pars_ct.cc b/stack/avrc/avrc_pars_ct.cc
index 7f7fe015d..82c3cd755 100644
--- a/stack/avrc/avrc_pars_ct.cc
+++ b/stack/avrc/avrc_pars_ct.cc
@@ -502,7 +502,6 @@ static tAVRC_STS avrc_ctrl_pars_vendor_rsp(tAVRC_MSG_VENDOR* p_msg,
} break;
case AVRC_PDU_GET_PLAYER_APP_ATTR_TEXT: {
- tAVRC_APP_SETTING_TEXT* p_setting_text;
uint8_t num_attrs;
if (len == 0) {
@@ -510,10 +509,14 @@ static tAVRC_STS avrc_ctrl_pars_vendor_rsp(tAVRC_MSG_VENDOR* p_msg,
break;
}
BE_STREAM_TO_UINT8(num_attrs, p);
+ if (num_attrs > AVRC_MAX_APP_ATTR_SIZE) {
+ num_attrs = AVRC_MAX_APP_ATTR_SIZE;
+ }
AVRC_TRACE_DEBUG("%s attr count = %d ", __func__,
p_result->get_app_attr_txt.num_attr);
p_result->get_app_attr_txt.num_attr = num_attrs;
- p_setting_text = (tAVRC_APP_SETTING_TEXT*)osi_malloc(
+
+ p_result->get_app_attr_txt.p_attrs = (tAVRC_APP_SETTING_TEXT*)osi_malloc(
num_attrs * sizeof(tAVRC_APP_SETTING_TEXT));
for (int xx = 0; xx < num_attrs; xx++) {
BE_STREAM_TO_UINT8(p_result->get_app_attr_txt.p_attrs[xx].attr_id, p);
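Review bot: The clamp on `num_attrs` bounds the writes into `p_attrs`, but the loop `for (int xx = 0; xx < num_attrs; xx++)` still pulls bytes from `p` with `BE_STREAM_TO_UINT8`, and the only length check visible in the hunk is `len == 0`, so a response that declares more attributes than it carries would appear to read past the received packet. Before each entry the code should compare the bytes remaining against the size of the fields it is about to read and stop with an error status, for example `if (remaining < entry_hdr_len) { /* reject short packet */ break; }`, where `remaining` and `entry_hdr_len` are placeholders for values this function would have to track. The same applies to the `num_vals` loop in the `AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT` hunk. The loop body continues outside the hunk, so an existing check further down cannot be ruled out from here. Separately, the `AVRC_TRACE_DEBUG` call logs `p_result->get_app_attr_txt.num_attr` one statement before it is assigned; swapping the two statements would log the clamped count.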
@@ -533,7 +536,6 @@ static tAVRC_STS avrc_ctrl_pars_vendor_rsp(tAVRC_MSG_VENDOR* p_msg,
} break;
case AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT: {
- tAVRC_APP_SETTING_TEXT* p_setting_text;
uint8_t num_vals;
if (len == 0) {
@@ -541,11 +543,14 @@ static tAVRC_STS avrc_ctrl_pars_vendor_rsp(tAVRC_MSG_VENDOR* p_msg,
break;
}
BE_STREAM_TO_UINT8(num_vals, p);
+ if (num_vals > AVRC_MAX_APP_ATTR_SIZE) {
+ num_vals = AVRC_MAX_APP_ATTR_SIZE;
+ }
p_result->get_app_val_txt.num_attr = num_vals;
AVRC_TRACE_DEBUG("%s value count = %d ", __func__,
p_result->get_app_val_txt.num_attr);
- p_setting_text = (tAVRC_APP_SETTING_TEXT*)osi_malloc(
+ p_result->get_app_val_txt.p_attrs = (tAVRC_APP_SETTING_TEXT*)osi_malloc(
num_vals * sizeof(tAVRC_APP_SETTING_TEXT));
for (int i = 0; i < num_vals; i++) {
BE_STREAM_TO_UINT8(p_result->get_app_val_txt.p_attrs[i].attr_id, p);