An integer underflow vuln of nxp nfc hal library Bug: 169258743 Test: build ok Change-Id: I98fbd6ac69ee89dadadae2f0553be47e3580a838

commit: fc44434f7728cdf6cd6e29729dfdb79d2f1809e4 [log] [tgz]
author: Alisher Alikhodjaev <alisher@google.com> Thu Oct 22 16:13:41 2020 -0700
committer: Alisher Alikhodjaev <alisher@google.com> Thu Oct 22 16:13:41 2020 -0700
tree: 1c41d90c52a74aeba0cbdc825098d42c6ede945f
parent: b3a413395fc017be496a9a25057079d63a24ba1c [diff]
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index 6e10773..2833b0e 100644
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc

@@ -143,6 +143,10 @@
   status = NFCSTATUS_SUCCESS;
 
   if (bDisableLegacyMfcExtns && bEnableMfcExtns && p_ntf[0] == 0) {
+    if (*p_len < NCI_HEADER_SIZE) {
+      android_errorWriteLog(0x534e4554, "169258743");
+      return NFCSTATUS_FAILED;
+    }
     uint16_t extlen;
     extlen = *p_len - NCI_HEADER_SIZE;
     NxpMfcReaderInstance.AnalyzeMfcResp(&p_ntf[3], &extlen);
commit	fc44434f7728cdf6cd6e29729dfdb79d2f1809e4	[log] [tgz]
author	Alisher Alikhodjaev <alisher@google.com>	Thu Oct 22 16:13:41 2020 -0700
committer	Alisher Alikhodjaev <alisher@google.com>	Thu Oct 22 16:13:41 2020 -0700
tree	1c41d90c52a74aeba0cbdc825098d42c6ede945f
parent	b3a413395fc017be496a9a25057079d63a24ba1c [diff]