authorTimothy Yiu <tyiu@google.com>2023-04-04 03:43:07 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-04-04 03:43:07 +0000
commit931089382491b193c052cda7cf3e0aa74763f17a (patch)
tree08446834048956e58ac4488f38798864b857fcd2
parentec4708a1ef6cc69c065be70c3992e98373dad78e (diff)
parentc8f9df845df39109f2477271840ae7ec56493dc2 (diff)
Merge "Fix gatt_end_operation buffer overflow" into qt-dev am: c8f9df845d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/22316070 Change-Id: I7bf9c43a363afe3782c71ad897fc4a82f5532a76 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--stack/gatt/gatt_utils.cc7
1 files changed, 7 insertions, 0 deletions
diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc
index 2bd424000..013011778 100644
--- a/stack/gatt/gatt_utils.cc
+++ b/stack/gatt/gatt_utils.cc
@@ -1198,6 +1198,13 @@ void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) {
cb_data.att_value.handle = p_clcb->s_handle;
cb_data.att_value.len = p_clcb->counter;
+ if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
+ LOG(WARNING) << __func__
+ << StringPrintf(" Large cb_data.att_value, size=%d",
+ cb_data.att_value.len);
+ cb_data.att_value.len = GATT_MAX_ATTR_LEN;
+ }
+
if (p_data && p_clcb->counter)
memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
}
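Review bot: The clamp at `cb_data.att_value.len = GATT_MAX_ATTR_LEN;` truncates the value silently, because `status` is left as it was passed in, so the callback may receive a shortened attribute value that is still reported with the original (possibly successful) status. Consider whether this path should fail the operation instead, and at minimum add a comment above the check such as `// Clamp before the memcpy below: counter exceeded what att_value.value can hold (presumably GATT_MAX_ATTR_LEN bytes).` The check also guards only the destination: it assumes `p_data` still has at least `GATT_MAX_ATTR_LEN` readable bytes once `p_clcb->counter` has grown past that, which is not visible here. It would be worth bounding `counter` where it is accumulated so that an oversized value never reaches this point. gatt_end_operation starts and ends outside the hunk, so the array size and the callers are not shown.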