Security: Fix out of bound read in AT_SKIP_REST Bug: 220732646 Test: build Tag: #security Ignore-AOSP-First: Security bug Change-Id: Ia49f26e4979f9e57c448190a52d0d01b70e342c4 (cherry picked from commit 555d5c293ef83298681828048ee55c9d196118a3) Merged-In: Ia49f26e4979f9e57c448190a52d0d01b70e342c4

commit: 7c21b56b7880579965e95cf24c2ab49326a3f2b9 [log] [tgz]
author: Josh Wu <joshwu@google.com> Fri Apr 29 00:02:23 2022 -0700
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Mon May 16 21:13:06 2022 +0000
tree: e581e3bb93282ba77e97889ea475684c33ab0661
parent: 9e39fc68e82739dbd9f7403de244959ac7d54d2d [diff]
diff --git a/bta/hf_client/bta_hf_client_at.cc b/bta/hf_client/bta_hf_client_at.cc
index 5c514fe..0392a4d 100644
--- a/bta/hf_client/bta_hf_client_at.cc
+++ b/bta/hf_client/bta_hf_client_at.cc

@@ -816,9 +816,9 @@
   } while (0)
 
 /* skip rest of AT string up to <cr> */
-#define AT_SKIP_REST(buf)           \
-  do {                              \
-    while (*(buf) != '\r') (buf)++; \
+#define AT_SKIP_REST(buf)                             \
+  do {                                                \
+    while (*(buf) != '\r' && *(buf) != '\0') (buf)++; \
   } while (0)
 
 static char* bta_hf_client_parse_ok(tBTA_HF_CLIENT_CB* client_cb,
commit	7c21b56b7880579965e95cf24c2ab49326a3f2b9	[log] [tgz]
author	Josh Wu <joshwu@google.com>	Fri Apr 29 00:02:23 2022 -0700
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Mon May 16 21:13:06 2022 +0000
tree	e581e3bb93282ba77e97889ea475684c33ab0661
parent	9e39fc68e82739dbd9f7403de244959ac7d54d2d [diff]