commit 954756471387a741883db082bd0a0b06fea8945e
author android-build-team Robot <android-build-team-robot@google.com> Tue Aug 13 16:27:51 2019 +0000
committer android-build-team Robot <android-build-team-robot@google.com> Tue Aug 13 16:27:51 2019 +0000
tree e9287fd4f94f38efc8b0b57daa6c2edbb1e11bc4
parent f6d7678d7ee3d59c222608216a8437c830c205f4
parent 4c7873cc30820d666084bafcd90c903e589fd6bb

Snap for 5674421 from 4c7873cc30820d666084bafcd90c903e589fd6bb to pi-platform-release

Change-Id: Ib5f5553a23f5b24fddae10c1a12893993b2bb2fa

nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp

diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
index 1261c3f..9f04c18 100644
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp
@@ -16,6 +16,7 @@
 
 #include <android-base/stringprintf.h>
 #include <base/logging.h>
+#include <log/log.h>
 #include <nfc_api.h>
 #include <nfc_int.h>
 #include <phNfcCompId.h>
@@ -993,12 +994,21 @@
   NFCSTATUS status = NFCSTATUS_FAILED;
   uint8_t i = 0x00;
 
+  if (len == 0) {
+    android_errorWriteLog(0x534e4554, "132082342");
+    return status;
+  }
+
   gphNxpExtns_Context.RawWriteCallBack = false;
   gphNxpExtns_Context.CallBackMifare = NULL;
   gphNxpExtns_Context.CallBackCtxt = NdefMap;
 
   EXTNS_SetCallBackFlag(true);
   if (p_data[0] == 0x60 || p_data[0] == 0x61) {
+    if (len < 12) {
+      android_errorWriteLog(0x534e4554, "125900276");
+      return status;
+    }
     NdefMap->Cmd.MfCmd = (phNfc_eMifareCmdList_t)p_data[0];
 
     NdefMap->SendRecvBuf[i++] = p_data[1];
@@ -1857,6 +1867,11 @@
       0x00, 0x00, 0x00, 0x00,
   };
 
+  if (SendLength == 0) {
+    android_errorWriteLog(0x534e4554, "132083376");
+    return status;
+  }
+
   buff = (uint8_t*)malloc((uint32_t)MAX_BUFF_SIZE);
   if (NULL == buff) {
     return status;