DO NOT MERGE Fix OOB read before buffer length check
Bug: 111936834
Test: manual
Change-Id: Ib98528fb62db0d724ebd9112d071e367f78e369d
(cherry picked from commit 4548f34c90803c6544f6bed03399f2eabeab2a8e)
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index 2103776..59045be 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -725,13 +725,17 @@
uint8_t reason = SMP_INVALID_PARAMETERS;
SMP_TRACE_DEBUG("%s", __func__);
- p_cb->status = *(uint8_t*)p_data;
if (smp_command_has_invalid_parameters(p_cb)) {
+ if (p_cb->rcvd_cmd_len < 2) { // 1 (opcode) + 1 (Notif Type) bytes
+ android_errorWriteLog(0x534e4554, "111936834");
+ }
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
+ p_cb->status = *(uint8_t*)p_data;
+
if (p != NULL) {
STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
} else {
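Review bot: The relocated read `p_cb->status = *(uint8_t*)p_data;` still dereferences `p_data` unconditionally, one statement ahead of the `if (p != NULL)` guard. `p` is declared above the hunk; if it aliases `p_data`, as the shared use suggests, then either that guard is dead code or the read can fault on a null pointer. Consider moving the read under the guard, e.g. `if (p != NULL) { p_cb->status = *p;`, or dropping the guard if callers guarantee a non-null pointer. The `rcvd_cmd_len < 2` branch only logs, so a short comment such as `// rejection is done by smp_command_has_invalid_parameters(); this branch only reports the short packet` would stop a later reader from mistaking it for the bounds check. The enclosing function starts and ends outside the hunk, and with `Test: manual` a regression test feeding a one-byte command would be worth adding.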