OOBW due to incorrect error handling
Out-Of-Bounds Write due to increase mNumTechList without bounds checking
Bug: 189942532
Test: build ok
Change-Id: I26e3c84bc572b6341692794d1bee2bc9be1b1160
diff --git a/nci/jni/NfcTag.cpp b/nci/jni/NfcTag.cpp
index b9d8d55..5af2b79 100755
--- a/nci/jni/NfcTag.cpp
+++ b/nci/jni/NfcTag.cpp
@@ -289,6 +289,10 @@
if (mTechListTail < (MAX_NUM_TECHNOLOGY - 1)) {
mNumTechList = mTechListTail;
+ } else {
+ LOG(ERROR) << StringPrintf("%s: exceed max=%d", fn, MAX_NUM_TECHNOLOGY);
+ android_errorWriteLog(0x534e4554, "189942532");
+ goto TheEnd;
}
mTechHandles[mNumTechList] = rfDetail.rf_disc_id;
mTechLibNfcTypes[mNumTechList] = rfDetail.protocol;
@@ -413,6 +417,7 @@
<< StringPrintf("%s: index=%d; tech=%d; handle=%d; nfc type=%d", fn, i,
mTechList[i], mTechHandles[i], mTechLibNfcTypes[i]);
}
+TheEnd:
DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("%s: exit", fn);
}
@@ -1624,4 +1629,4 @@
** Returns: number of discovery notifications received from NFCC
**
*******************************************************************************/
-int NfcTag::getNumDiscNtf() { return mNumDiscNtf; }
\ No newline at end of file
+int NfcTag::getNumDiscNtf() { return mNumDiscNtf; }
