Diffstat (limited to 'bta/ag/bta_ag_at.cc')
-rw-r--r-- | bta/ag/bta_ag_at.cc | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/bta/ag/bta_ag_at.cc b/bta/ag/bta_ag_at.cc
index ecd9053c6..90c46ff4a 100644
--- a/bta/ag/bta_ag_at.cc
+++ b/bta/ag/bta_ag_at.cc
@@ -26,6 +26,7 @@
 #include "bt_common.h"
 #include "bta_ag_at.h"
+#include "log/log.h"
 #include "utl.h"
 /*****************************************************************************
@@ -76,7 +77,7 @@ void bta_ag_at_reinit(tBTA_AG_AT_CB* p_cb) {
 * Returns void
 *
 *****************************************************************************/
-void bta_ag_process_at(tBTA_AG_AT_CB* p_cb) {
+void bta_ag_process_at(tBTA_AG_AT_CB* p_cb, char* p_end) {
 uint16_t idx;
 uint8_t arg_type;
 char* p_arg;
@@ -92,6 +93,11 @@ void bta_ag_process_at(tBTA_AG_AT_CB* p_cb) {
 if (p_cb->p_at_tbl[idx].p_cmd[0] != 0) {
 /* start of argument is p + strlen matching command */
 p_arg = p_cb->p_cmd_buf + strlen(p_cb->p_at_tbl[idx].p_cmd);
+ if (p_arg > p_end) {
+ (*p_cb->p_err_cback)((tBTA_AG_SCB*)p_cb->p_user, false, nullptr);
+ android_errorWriteLog(0x534e4554, "112860487");
+ return;
+ }
 /* if no argument */
 if (p_arg[0] == 0) {
@@ -133,12 +139,12 @@ void bta_ag_process_at(tBTA_AG_AT_CB* p_cb) {
 } else {
 (*p_cb->p_cmd_cback)((tBTA_AG_SCB*)p_cb->p_user,
 p_cb->p_at_tbl[idx].command_id, arg_type, p_arg,
- int_arg);
+ p_end, int_arg);
 }
 } else {
 (*p_cb->p_cmd_cback)((tBTA_AG_SCB*)p_cb->p_user,
 p_cb->p_at_tbl[idx].command_id, arg_type, p_arg,
- int_arg);
+ p_end, int_arg);
 }
 }
 /* else error */
@@ -189,8 +195,9 @@ void bta_ag_at_parse(tBTA_AG_AT_CB* p_cb, char* p_buf, uint16_t len) {
 (p_cb->p_cmd_buf[0] == 'A' || p_cb->p_cmd_buf[0] == 'a') &&
 (p_cb->p_cmd_buf[1] == 'T' || p_cb->p_cmd_buf[1] == 't')) {
 p_save = p_cb->p_cmd_buf;
+ char* p_end = p_cb->p_cmd_buf + p_cb->cmd_pos;
 p_cb->p_cmd_buf += 2;
- bta_ag_process_at(p_cb);
+ bta_ag_process_at(p_cb, p_end);
 p_cb->p_cmd_buf = p_save;
 }
|
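Review bot: In the `-92,6 +93,11` hunk the bound is tested only after `p_arg` has been formed as `p_cb->p_cmd_buf + strlen(p_cb->p_at_tbl[idx].p_cmd)`, so when the table command is longer than the bytes left in the buffer the pointer is already out of range before `p_arg > p_end` runs. Comparing lengths ahead of the assignment avoids relying on an out-of-range pointer: `if (strlen(p_cb->p_at_tbl[idx].p_cmd) > static_cast<size_t>(p_end - p_cb->p_cmd_buf)) {`. The guard also lets `p_arg == p_end` continue to `p_arg[0] == 0`, which is safe only if `p_end` addresses a readable terminator byte; that is not established in the visible lines and deserves a comment. The body of bta_ag_process_at continues outside the hunk, so any later advance of `p_arg` there is not covered by this single check.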
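Review bot: In the `-189,8 +195,9` hunk `p_end` is derived from `p_cb->cmd_pos` with no statement of whether it marks the last valid byte or one past it, yet the callee's `p_arg > p_end` test and every callback now receiving `p_end` depend on that contract. If the buffer is NUL-terminated at `cmd_pos` (that write is outside this hunk, so unconfirmed), a comment such as `/* p_end: address of the terminating NUL of the assembled command; must be taken before p_cmd_buf is advanced */` would pin it down. The ordering matters because the next line does `p_cb->p_cmd_buf += 2;`, and moving the computation below it would silently shift the bound by two bytes. bta_ag_at_parse starts and ends outside the hunk.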