Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: I9a27d70c6b9cbc85956dcd7db0a44a827239135d
Change-Id: I6c989df8c8bcfbac6c5d1c14d2876de20192759b
diff --git a/halimpl/hal/phNxpNciHal.cc b/halimpl/hal/phNxpNciHal.cc
index f72fd25..f9a482d 100644
--- a/halimpl/hal/phNxpNciHal.cc
+++ b/halimpl/hal/phNxpNciHal.cc
@@ -935,7 +935,10 @@
nxpncihal_ctrl.cmd_len = data_len;
#ifdef P2P_PRIO_LOGIC_HAL_IMP
/* Specific logic to block RF disable when P2P priority logic is busy */
- if (p_data[0] == 0x21 && p_data[1] == 0x06 && p_data[2] == 0x01 &&
+ if (data_len < NORMAL_MODE_HEADER_LEN) {
+ /* Avoid OOB Read */
+ android_errorWriteLog(0x534e4554, "128530069");
+ } else if (p_data[0] == 0x21 && p_data[1] == 0x06 && p_data[2] == 0x01 &&
EnableP2P_PrioLogic == true) {
NXPLOG_NCIHAL_D("P2P priority logic busy: Disable it.");
phNxpNciHal_clean_P2P_Prio();
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
old mode 100755
new mode 100644
index a9c88a8..6e10773
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -676,8 +676,7 @@
}
}
- if (*cmd_len <= (NCI_MAX_DATA_LEN - 3) &&
- bEnableMfcReader && p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
+ if (bEnableMfcReader && p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
NXPLOG_NCIHAL_D("Going through extns - Adding Mifare in RF Discovery");
p_cmd_data[2] += 3;
p_cmd_data[3] += 1;
@@ -788,8 +787,7 @@
phNxpNciHal_print_packet("RECV", p_rsp_data, 5);
// status = NFCSTATUS_FAILED;
NXPLOG_NCIHAL_D("> Going through workaround - Dirty Set Config - End ");
- } else if (*cmd_len <= (NCI_MAX_DATA_LEN - 3) &&
- p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
+ } else if (p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
NXPLOG_NCIHAL_D(
"> Going through workaround - Add Mifare Classic in Discovery Map");
p_cmd_data[*cmd_len] = 0x80;
