DO NOT MERGE Fix OOB read in avrc_ctrl_pars_vendor_rsp
Bug: 78526423
Test: manual
Change-Id: I0eeacc6a25b12f4b999098375d0d032cfa462a91
(cherry picked from commit 082353ad14082babaf8bcb1fba000b3cf1450c11)
diff --git a/stack/avrc/avrc_pars_ct.c b/stack/avrc/avrc_pars_ct.c
index 018870a..038b6a5 100644
--- a/stack/avrc/avrc_pars_ct.c
+++ b/stack/avrc/avrc_pars_ct.c
@@ -251,6 +251,11 @@
break;
}
BE_STREAM_TO_UINT8(p_result->list_app_values.num_val, p);
+ if (p_result->list_app_values.num_val > AVRC_MAX_APP_ATTR_SIZE) {
+ android_errorWriteLog(0x534e4554, "78526423");
+ p_result->list_app_values.num_val = AVRC_MAX_APP_ATTR_SIZE;
+ }
+
AVRC_TRACE_DEBUG("%s value count = %d ", __func__, p_result->list_app_values.num_val);
for(int xx = 0; xx < p_result->list_app_values.num_val; xx++)
{