Google Git
Sign in
android / platform / packages / apps / Nfc / 4ce9d55d26d239571909ed8981519734bcb355be^! / .
commit4ce9d55d26d239571909ed8981519734bcb355be[log] [tgz]
authorGeorge Chang <georgekgchang@google.com>Tue Jul 09 15:46:28 2019 +0800
committerandroid-build-team Robot <android-build-team-robot@google.com>Wed Aug 14 23:25:08 2019 +0000
tree353242306f1107e980e9cd56016a94d4af080908
parentdae89562f1e4c0d0f8cc7c4e2d352716f8e7a1a7 [diff]
Prevent length underflow in NfcTag.cpp

Bug: 124940143
Test: Read Type4B Tag
Exempt-From-Owner-Approval: Old Owners are all transferred to another BU
Change-Id: Ibdab756410bf55d701875279df3e289dbc9369d6
(cherry picked from commit c7b41a96744e1ac30920991ef1b427acbcde44db)

diff --git a/nci/jni/NfcTag.cpp b/nci/jni/NfcTag.cpp
index d8a42c1..7194d8c 100644
--- a/nci/jni/NfcTag.cpp
+++ b/nci/jni/NfcTag.cpp

@@ -21,6 +21,7 @@
 
 #include <android-base/stringprintf.h>
 #include <base/logging.h>
+#include <log/log.h>
 #include <nativehelper/ScopedLocalRef.h>
 #include <nativehelper/ScopedPrimitiveArray.h>
 
@@ -713,7 +714,14 @@
         DLOG_IF(INFO, nfc_debug_enabled)
             << StringPrintf("%s: tech B; TARGET_TYPE_ISO14443_3B", fn);
         len = mTechParams[i].param.pb.sensb_res_len;
-        len = len - 4;  // subtract 4 bytes for NFCID0 at byte 2 through 5
+        if (len >= NFC_NFCID0_MAX_LEN) {
+          // subtract 4 bytes for NFCID0 at byte 2 through 5
+          len = len - NFC_NFCID0_MAX_LEN;
+        } else {
+          android_errorWriteLog(0x534e4554, "124940143");
+          LOG(ERROR) << StringPrintf("%s: sensb_res_len error", fn);
+          len = 0;
+        }
         pollBytes.reset(e->NewByteArray(len));
         e->SetByteArrayRegion(pollBytes.get(), 0, len,
                               (jbyte*)(mTechParams[i].param.pb.sensb_res + 4));