Add permission for the broadcast intent with SIP profiles for security purpose. am: 0e459673aa am: 4ba90c33b5 am: 03c525a6bf am: 674a3c79b2 am: 673e019acc am: e93a0099aa am: fa927d5d9c am: e3625512e2
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/opt/net/voip/+/13787771
Change-Id: I5f4e4bbc56b9a5a4fcddd593cdb0558c0c1f7559
diff --git a/src/jni/rtp/AudioGroup.cpp b/src/jni/rtp/AudioGroup.cpp
index e57b7f7..bb5111f 100644
--- a/src/jni/rtp/AudioGroup.cpp
+++ b/src/jni/rtp/AudioGroup.cpp
@@ -431,17 +431,15 @@
return;
}
int offset = 12 + ((buffer[0] & 0x0F) << 2);
- if (offset+2 >= bufferSize) {
+ // length is guaranteed to be <= buffersize, so it is safe with respect
+ // buffer overflow testing as well as offset into uninitialized buffer
+ if (offset + 2 + (int)sizeof(uint16_t) > length) {
ALOGV("invalid buffer offset: %d", offset+2);
return;
}
if ((buffer[0] & 0x10) != 0) {
offset += 4 + (ntohs(*(uint16_t *)&buffer[offset + 2]) << 2);
}
- if (offset >= bufferSize) {
- ALOGV("invalid buffer offset: %d", offset);
- return;
- }
if ((buffer[0] & 0x20) != 0) {
length -= buffer[length - 1];
}