An integer underflow vuln of nxp nfc hal library
Bug: 169258743
Test: build ok
Change-Id: I98fbd6ac69ee89dadadae2f0553be47e3580a838
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index 6e10773..2833b0e 100644
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -143,6 +143,10 @@
status = NFCSTATUS_SUCCESS;
if (bDisableLegacyMfcExtns && bEnableMfcExtns && p_ntf[0] == 0) {
+ if (*p_len < NCI_HEADER_SIZE) {
+ android_errorWriteLog(0x534e4554, "169258743");
+ return NFCSTATUS_FAILED;
+ }
uint16_t extlen;
extlen = *p_len - NCI_HEADER_SIZE;
NxpMfcReaderInstance.AnalyzeMfcResp(&p_ntf[3], &extlen);