Prevent OOB error for T2T read/writes Bug: 112161557 Test: Tag reading, HCE Merged-In: If170e107b172a590b53f916b12865a1839a25667 Change-Id: If170e107b172a590b53f916b12865a1839a25667 (cherry picked from commit a8d1622094dcd7a6450dbf7c3a6f6fcae5d8faaf)

commit: 482a31e484c37db002153f1d1f3229c162a63bde [log] [tgz]
author: Ruchi Kandoi <kandoiruchi@google.com> Thu Sep 27 17:12:54 2018 -0700
committer: Rohit Yengisetty <rngy@google.com> Tue Oct 16 16:05:12 2018 -0700
tree: 639eb21b4bb8ff9874c6f3f1ad55548df5e275ef
parent: 4879b6f49705c3ccd497e949f66b700ca518c99d [diff]
diff --git a/src/nfc/tags/rw_t2t_ndef.c b/src/nfc/tags/rw_t2t_ndef.c
index 3304a90..7bacc72 100644
--- a/src/nfc/tags/rw_t2t_ndef.c
+++ b/src/nfc/tags/rw_t2t_ndef.c

@@ -23,6 +23,7 @@
  *  Reader/Writer mode.
  *
  ******************************************************************************/
+#include <log/log.h>
 #include <string.h>
 #include "nfc_target.h"
 
@@ -664,6 +665,10 @@
 
                         /* Extract lockbytes info addressed by this Lock TLV */
                         xx = 0;
+                        if (count > RW_T2T_MAX_LOCK_BYTES) {
+                            count = RW_T2T_MAX_LOCK_BYTES;
+                            android_errorWriteLog(0x534e4554, "112161557");
+                        }
                         while (xx < count)
                         {
                             p_t2t->lockbyte[p_t2t->num_lockbytes].tlv_index     = p_t2t->num_lock_tlvs;
commit	482a31e484c37db002153f1d1f3229c162a63bde	[log] [tgz]
author	Ruchi Kandoi <kandoiruchi@google.com>	Thu Sep 27 17:12:54 2018 -0700
committer	Rohit Yengisetty <rngy@google.com>	Tue Oct 16 16:05:12 2018 -0700
tree	639eb21b4bb8ff9874c6f3f1ad55548df5e275ef
parent	4879b6f49705c3ccd497e949f66b700ca518c99d [diff]