HIDD: Check descriptor length and increase buffer

Since maximum descriptor length is 2048, we need to assign 2054 bytes of
buffer for another 6 bytes of data. Also added a const for maximum
descriptor length.

Bug: 113572366
Test: manual
Change-Id: Ie2b25c9e1a9f2019cbc7e6fbecbb08b643c87946
Merged-In: Ie2b25c9e1a9f2019cbc7e6fbecbb08b643c87946
diff --git a/bta/hd/bta_hd_int.h b/bta/hd/bta_hd_int.h
index 4a48254..0748b67 100644
--- a/bta/hd/bta_hd_int.h
+++ b/bta/hd/bta_hd_int.h
@@ -66,7 +66,7 @@
 #define BTA_HD_APP_NAME_LEN 50
 #define BTA_HD_APP_DESCRIPTION_LEN 50
 #define BTA_HD_APP_PROVIDER_LEN 50
-#define BTA_HD_APP_DESCRIPTOR_LEN 2048
+#define BTA_HD_APP_DESCRIPTOR_LEN HIDD_APP_DESCRIPTOR_LEN
 
 #define BTA_HD_STATE_DISABLED 0x00
 #define BTA_HD_STATE_ENABLED 0x01
diff --git a/stack/hid/hidd_api.cc b/stack/hid/hidd_api.cc
index 414cf74..f93511e 100644
--- a/stack/hid/hidd_api.cc
+++ b/stack/hid/hidd_api.cc
@@ -33,6 +33,7 @@
 #include "hidd_api.h"
 #include "hidd_int.h"
 #include "hiddefs.h"
+#include "log/log.h"
 
 tHID_DEV_CTB hd_cb;
 
@@ -293,7 +294,13 @@
       uint8_t* p_buf;
       uint8_t seq_len = 4 + desc_len;
 
-      p_buf = (uint8_t*)osi_malloc(2048);
+      if (desc_len > HIDD_APP_DESCRIPTOR_LEN) {
+        HIDD_TRACE_ERROR("%s: descriptor length = %d, larger than max %d",
+                         __func__, desc_len, HIDD_APP_DESCRIPTOR_LEN);
+        return HID_ERR_NOT_REGISTERED;
+      };
+
+      p_buf = (uint8_t*)osi_malloc(HIDD_APP_DESCRIPTOR_LEN + 6);
 
       if (p_buf == NULL) {
         HIDD_TRACE_ERROR("%s: Buffer allocation failure for size = 2048 ",
@@ -314,6 +321,10 @@
       UINT8_TO_BE_STREAM(p, desc_len);
       ARRAY_TO_BE_STREAM(p, p_desc_data, (int)desc_len);
 
+      if (desc_len > HIDD_APP_DESCRIPTOR_LEN - 6) {
+        android_errorWriteLog(0x534e4554, "113572366");
+      }
+
       result &= SDP_AddAttribute(handle, ATTR_ID_HID_DESCRIPTOR_LIST,
                                  DATA_ELE_SEQ_DESC_TYPE, p - p_buf, p_buf);
 
diff --git a/stack/include/hiddefs.h b/stack/include/hiddefs.h
index 8df616c..df01e7d 100644
--- a/stack/include/hiddefs.h
+++ b/stack/include/hiddefs.h
@@ -131,6 +131,8 @@
 
 #define HID_SSR_PARAM_INVALID 0xffff
 
+#define HIDD_APP_DESCRIPTOR_LEN 2048
+
 typedef struct sdp_info {
   char svc_name[HID_MAX_SVC_NAME_LEN];   /*Service Name */
   char svc_descr[HID_MAX_SVC_DESCR_LEN]; /*Service Description*/