diff options
author | Timothy Yiu <tyiu@google.com> | 2023-04-04 03:43:07 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-04-04 03:43:07 +0000 |
commit | 931089382491b193c052cda7cf3e0aa74763f17a (patch) | |
tree | 08446834048956e58ac4488f38798864b857fcd2 | |
parent | ec4708a1ef6cc69c065be70c3992e98373dad78e (diff) | |
parent | c8f9df845df39109f2477271840ae7ec56493dc2 (diff) | |
download | bt-931089382491b193c052cda7cf3e0aa74763f17a.tar.gz |
Merge "Fix gatt_end_operation buffer overflow" into qt-dev am: c8f9df845d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/22316070
Change-Id: I7bf9c43a363afe3782c71ad897fc4a82f5532a76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | stack/gatt/gatt_utils.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc index 2bd424000..013011778 100644 --- a/stack/gatt/gatt_utils.cc +++ b/stack/gatt/gatt_utils.cc @@ -1198,6 +1198,13 @@ void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) { cb_data.att_value.handle = p_clcb->s_handle; cb_data.att_value.len = p_clcb->counter; + if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) { + LOG(WARNING) << __func__ + << StringPrintf(" Large cb_data.att_value, size=%d", + cb_data.att_value.len); + cb_data.att_value.len = GATT_MAX_ATTR_LEN; + } + if (p_data && p_clcb->counter) memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len); } |