Snap for 8303596 from c465e9fe20d773da28a9805e9f0ac4ad57b29bdf to mainline-sdkext-release
Change-Id: I23d15768c64ae4dec6f9e07f79f52dfed3eaa90b
diff --git a/Android.bp b/Android.bp
index 2b49380..81162c4 100644
--- a/Android.bp
+++ b/Android.bp
@@ -66,3 +66,21 @@
"AndroidTestTemplate.xml",
],
}
+
+filegroup {
+ name: "framework-bluetooth-srcs",
+ srcs: [],
+ visibility: ["//visibility:private"]
+}
+
+java_library {
+ name: "framework-bluetooth",
+ srcs: [":framework-bluetooth-srcs"],
+ sdk_version: "module_current"
+}
+
+java_library {
+ name: "framework-bluetooth.stubs.module_lib",
+ srcs: [":framework-bluetooth-srcs"],
+ sdk_version: "module_current"
+}
diff --git a/apex/Android.bp b/apex/Android.bp
index c206dca..676623a 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -35,3 +35,12 @@
name: "com.android.bluetooth.updatable.certificate",
certificate: "com.android.bluetooth.updatable",
}
+
+// Empty, disabled APEX to allow other libraries to specify "apex_available"
+// in all branches without merge conflicts.
+apex {
+ name: "com.android.bluetooth",
+ enabled: false,
+ key: "com.android.bluetooth.updatable.key",
+ certificate: ":com.android.bluetooth.updatable.certificate",
+}
diff --git a/stack/avrc/avrc_pars_ct.cc b/stack/avrc/avrc_pars_ct.cc
index 2141bf17..0555af0 100644
--- a/stack/avrc/avrc_pars_ct.cc
+++ b/stack/avrc/avrc_pars_ct.cc
@@ -581,6 +581,10 @@
p_result->get_caps.capability_id,
p_result->get_caps.count);
if (p_result->get_caps.capability_id == AVRC_CAP_COMPANY_ID) {
+ if (p_result->get_caps.count > AVRC_CAP_MAX_NUM_COMP_ID) {
+ android_errorWriteLog(0x534e4554, "205837191");
+ return AVRC_STS_INTERNAL_ERR;
+ }
min_len += MIN(p_result->get_caps.count, AVRC_CAP_MAX_NUM_COMP_ID) * 3;
if (len < min_len) goto length_error;
for (int xx = 0; ((xx < p_result->get_caps.count) &&
@@ -590,6 +594,10 @@
}
} else if (p_result->get_caps.capability_id ==
AVRC_CAP_EVENTS_SUPPORTED) {
+ if (p_result->get_caps.count > AVRC_CAP_MAX_NUM_EVT_ID) {
+ android_errorWriteLog(0x534e4554, "205837191");
+ return AVRC_STS_INTERNAL_ERR;
+ }
min_len += MIN(p_result->get_caps.count, AVRC_CAP_MAX_NUM_EVT_ID);
if (len < min_len) goto length_error;
for (int xx = 0; ((xx < p_result->get_caps.count) &&
diff --git a/stack/l2cap/l2c_ble.cc b/stack/l2cap/l2c_ble.cc
index b826dc1..d548679 100644
--- a/stack/l2cap/l2c_ble.cc
+++ b/stack/l2cap/l2c_ble.cc
@@ -621,7 +621,7 @@
break;
}
case L2CAP_CMD_CREDIT_BASED_CONN_RES:
- if (p + 2 > p_pkt_end) {
+ if (p + 8 > p_pkt_end) {
LOG(ERROR) << "invalid L2CAP_CMD_CREDIT_BASED_CONN_RES len";
return;
}
@@ -811,6 +811,11 @@
case L2CAP_CMD_CREDIT_BASED_RECONFIG_RES: {
uint16_t result;
+ if (p + sizeof(uint16_t) > p_pkt_end) {
+ android_errorWriteLog(0x534e4554, "212694559");
+ LOG(ERROR) << "invalid read";
+ return;
+ }
STREAM_TO_UINT16(result, p);
L2CAP_TRACE_DEBUG(