commit 605ebb3369b3f961196815065a9fe4ba5bc4d659
author Hansong Zhang <hsz@google.com> Thu Apr 26 15:50:53 2018 -0700
committer android-build-team Robot <android-build-team-robot@google.com> Fri May 25 18:41:55 2018 +0000
tree 1aa2f291e874de550d291008c4ada54f460e827b
parent 718aa1b3ec47bbc269bc61bc1b0ad956de204619

DO NOT MERGE Prevent stack overflow in btif_storage

Bug: 73963551
Test: manual
Change-Id: I5f7a583aad150ebf9e3d492181d80ca935c8aa3f
(cherry picked from commit e8d311224277e9db5dc94cb94929125992f546f3)

btif/src/btif_storage.cc

diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc
index 9d4a84e..1c34787 100644
--- a/btif/src/btif_storage.cc
+++ b/btif/src/btif_storage.cc
@@ -235,6 +235,10 @@
         bt_uuid_t* p_uuid = (bt_uuid_t*)prop->val + i;
         memset(buf, 0, sizeof(buf));
         uuid_to_string_legacy(p_uuid, buf, sizeof(buf));
+        if (strlen(value) + strlen(buf) + 1 > (int) sizeof(value) - 1) {
+          android_errorWriteLog(0x534e4554, "73963551");
+          return false;
+        }
         strcat(value, buf);
         // strcat(value, ";");
         strcat(value, " ");