Merge "L2CAP: Check length for packet before connection complete" into qt-qpr1-dev

commit: fb4b5ebf1dd89ca8f3903a436e39e803949735ea [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Fri Dec 20 18:45:07 2019 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Dec 20 18:45:07 2019 +0000
tree: 909197eadc08ae69d2fa45e1d9d77c65f7d0672d
parent: 8aba91ab967ed6cd1edba9062e723b57738e9303 [diff]
parent: 0c3b124c24d2af23756507139c96329dbb3fea6b [diff]
diff --git a/stack/l2cap/l2c_main.cc b/stack/l2cap/l2c_main.cc
index 128f60e..52d77c5 100644
--- a/stack/l2cap/l2c_main.cc
+++ b/stack/l2cap/l2c_main.cc

@@ -97,6 +97,11 @@
     /* There is a slight possibility (specifically with USB) that we get an */
     /* L2CAP connection request before we get the HCI connection complete.  */
     /* So for these types of messages, hold them for up to 2 seconds.       */
+    if (l2cap_len == 0) {
+      L2CAP_TRACE_WARNING("received empty L2CAP packet");
+      osi_free(p_msg);
+      return;
+    }
     uint8_t cmd_code;
     STREAM_TO_UINT8(cmd_code, p);
commit	fb4b5ebf1dd89ca8f3903a436e39e803949735ea	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Fri Dec 20 18:45:07 2019 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Dec 20 18:45:07 2019 +0000
tree	909197eadc08ae69d2fa45e1d9d77c65f7d0672d
parent	8aba91ab967ed6cd1edba9062e723b57738e9303 [diff]
parent	0c3b124c24d2af23756507139c96329dbb3fea6b [diff]