diff options
Diffstat (limited to 'btif/src/btif_hf.cc')
| -rw-r--r-- | btif/src/btif_hf.cc | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/btif/src/btif_hf.cc b/btif/src/btif_hf.cc index 9ec6da806..01a7a448a 100644 --- a/btif/src/btif_hf.cc +++ b/btif/src/btif_hf.cc @@ -33,6 +33,7 @@ #include <hardware/bluetooth.h> #include <hardware/bt_hf.h> +#include <log/log.h> #include "bta/include/utl.h" #include "bta_ag_api.h" @@ -1198,13 +1199,20 @@ static bt_status_t clcc_response(int index, bthf_call_direction_t dir, dialnum[newidx++] = '+'; } for (size_t i = 0; number[i] != 0; i++) { + if (newidx >= (sizeof(dialnum) - res_strlen - 1)) { + android_errorWriteLog(0x534e4554, "79266386"); + break; + } if (utl_isdialchar(number[i])) { dialnum[newidx++] = number[i]; } } dialnum[newidx] = 0; - snprintf(&ag_res.str[res_strlen], rem_bytes, ",\"%s\",%d", dialnum, - type); + // Reserve 5 bytes for ["][,][3_digit_type] + snprintf(&ag_res.str[res_strlen], rem_bytes - 5, ",\"%s", dialnum); + std::stringstream remaining_string; + remaining_string << "\"," << type; + strncat(&ag_res.str[res_strlen], remaining_string.str().c_str(), 5); } } BTA_AgResult(btif_hf_cb[idx].handle, BTA_AG_CLCC_RES, &ag_res); @@ -1357,6 +1365,13 @@ static bt_status_t phone_state_change(int num_active, int num_held, else xx = snprintf(ag_res.str, sizeof(ag_res.str), "\"%s\"", number); ag_res.num = type; + // 5 = [,][3_digit_type][null_terminator] + if (xx > static_cast<int>(sizeof(ag_res.str) - 5)) { + android_errorWriteLog(0x534e4554, "79431031"); + xx = sizeof(ag_res.str) - 5; + // Null terminating the string + memset(&ag_res.str[xx], 0, 5); + } if (res == BTA_AG_CALL_WAIT_RES) snprintf(&ag_res.str[xx], sizeof(ag_res.str) - xx, ",%d", type); |