Merge Android 12
Bug: 202323961
Merged-In: Ib5136d6b1d938fdfdd7789ee8c45834b44ed33d3
Change-Id: If0bf21490878eea261edd5f9b9593fa3c4fd8e8f
diff --git a/pn8x/halimpl/hal/phNxpNciHal.cc b/pn8x/halimpl/hal/phNxpNciHal.cc
index 37b0aa3..1ce5b87 100644
--- a/pn8x/halimpl/hal/phNxpNciHal.cc
+++ b/pn8x/halimpl/hal/phNxpNciHal.cc
@@ -2484,10 +2484,15 @@
******************************************************************************/
int phNxpNciHal_check_ncicmd_write_window(uint16_t cmd_len, uint8_t* p_cmd) {
- UNUSED(cmd_len);
NFCSTATUS status = NFCSTATUS_FAILED;
int sem_timedout = 2, s;
struct timespec ts;
+
+ if (cmd_len < 1) {
+ android_errorWriteLog(0x534e4554, "153880357");
+ return NFCSTATUS_FAILED;
+ }
+
if ((p_cmd[0] & 0xF0) == 0x20) {
clock_gettime(CLOCK_REALTIME, &ts);
ts.tv_sec += sem_timedout;
diff --git a/pn8x/halimpl/hal/phNxpNciHal_ext.cc b/pn8x/halimpl/hal/phNxpNciHal_ext.cc
index 3feaa01..59b6007 100644
--- a/pn8x/halimpl/hal/phNxpNciHal_ext.cc
+++ b/pn8x/halimpl/hal/phNxpNciHal_ext.cc
@@ -576,6 +576,13 @@
status = NFCSTATUS_FAILED;
goto clean_and_return;
}
+
+ if (cmd_len < 3) {
+ android_errorWriteLog(0x534e4554, "153880630");
+ status = NFCSTATUS_FAILED;
+ goto clean_and_return;
+ }
+
/* No NTF expected for OMAPI command */
if (p_cmd[0] == 0x2F && p_cmd[1] == 0x1 && p_cmd[2] == 0x01) {
nxpncihal_ctrl.nci_info.wait_for_ntf = FALSE;
@@ -703,7 +710,8 @@
}
}
- if (bEnableMfcReader && p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
+ if (*cmd_len <= (NCI_MAX_DATA_LEN - 3) && bEnableMfcReader &&
+ p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
NXPLOG_NCIHAL_D("Going through extns - Adding Mifare in RF Discovery");
p_cmd_data[2] += 3;
p_cmd_data[3] += 1;
@@ -814,7 +822,8 @@
phNxpNciHal_print_packet("RECV", p_rsp_data, 5);
// status = NFCSTATUS_FAILED;
NXPLOG_NCIHAL_D("> Going through workaround - Dirty Set Config - End ");
- } else if (p_cmd_data[0] == 0x21 && p_cmd_data[1] == 0x00) {
+ } else if (*cmd_len <= (NCI_MAX_DATA_LEN - 3) && p_cmd_data[0] == 0x21 &&
+ p_cmd_data[1] == 0x00) {
NXPLOG_NCIHAL_D(
"> Going through workaround - Add Mifare Classic in Discovery Map");
p_cmd_data[*cmd_len] = 0x80;
diff --git a/pn8x/halimpl/utils/NfccPowerTracker.cpp b/pn8x/halimpl/utils/NfccPowerTracker.cpp
index 4275114..b467d3d 100644
--- a/pn8x/halimpl/utils/NfccPowerTracker.cpp
+++ b/pn8x/halimpl/utils/NfccPowerTracker.cpp
@@ -126,10 +126,19 @@
ALOGD_IF(nfc_debug_enabled,
"NfccPowerTracker::ProcessCmd: Enter, Received len :%d", len);
bool screenStateCommand;
+
+ if (len < 4) {
+ android_errorWriteLog(0x534e4554, "153879824");
+ return;
+ }
if (cmd[0] == 0x20 && cmd[1] == 0x09) {
screenStateCommand = true;
} else {
screenStateCommand = false;
+ if (len < 8) {
+ android_errorWriteLog(0x534e4554, "153879824");
+ return;
+ }
}
if (screenStateCommand && (cmd[3] == 0x00 || cmd[3] == 0x02)) {
