-rw-r--r--stack/gatt/att_protocol.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/stack/gatt/att_protocol.cc b/stack/gatt/att_protocol.cc
index 87da319d8..e7d22c508 100644
--- a/stack/gatt/att_protocol.cc
+++ b/stack/gatt/att_protocol.cc
@@ -159,8 +159,14 @@ static BT_HDR* attp_build_read_by_type_value_cmd(
uint16_t payload_size, tGATT_FIND_TYPE_VALUE* p_value_type) {
uint8_t* p;
uint16_t len = p_value_type->value_len;
- BT_HDR* p_buf =
- (BT_HDR*)osi_malloc(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET);
+ BT_HDR* p_buf = nullptr;
+
+ if (payload_size < 5) {
+ return nullptr;
+ }
+
+ p_buf =
+ (BT_HDR*)osi_malloc(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;