GattServcer: Check invalid offset Test: manual Bug: 143231677 Change-Id: I0396380f431cdb7f91c78db6de9043ea0f373dfe Merged-In: I97e2c3ae15fccc482d07d8d621c455cc74900cfd Merged-In: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8

commit: c14c1fb86420bb69b1d8d2ee9e83108331183acd [log] [tgz]
author: Hansong Zhang <hsz@google.com> Thu Feb 13 11:40:44 2020 -0800
committer: Hansong Zhang <hsz@google.com> Tue Mar 10 17:15:15 2020 +0000
tree: e834195d586cac648edbf9954610add5f8b27196
parent: 561bf0a6043109e8b4bf8da869bfbdd108486254 [diff]
diff --git a/service/gatt_server.cc b/service/gatt_server.cc
index 63bacbb..104afe1 100644
--- a/service/gatt_server.cc
+++ b/service/gatt_server.cc

@@ -16,6 +16,7 @@
 
 #include "service/gatt_server.h"
 
+#include "osi/include/log.h"
 #include "service/logging_helpers.h"
 #include "stack/include/bt_types.h"
 
@@ -114,6 +115,12 @@
     return false;
   }
 
+  if (offset < 0) {
+    android_errorWriteLog(0x534e4554, "143231677");
+    LOG(ERROR) << "Offset is less than 0 offset: " << offset;
+    return false;
+  }
+
   if (value.size() + offset > BTGATT_MAX_ATTR_LEN) {
     LOG(ERROR) << "Value is too large";
     return false;
commit	c14c1fb86420bb69b1d8d2ee9e83108331183acd	[log] [tgz]
author	Hansong Zhang <hsz@google.com>	Thu Feb 13 11:40:44 2020 -0800
committer	Hansong Zhang <hsz@google.com>	Tue Mar 10 17:15:15 2020 +0000
tree	e834195d586cac648edbf9954610add5f8b27196
parent	561bf0a6043109e8b4bf8da869bfbdd108486254 [diff]