Prevent integer underflow in rw_t2t_handle_tlv_detect_rsp()
Bug: 121035711
Test: NFC Enable/Disable
Merged-In: Ifa3e5fdf23f267a0d6c3aa8495c4c83f20153025
Change-Id: Ifa3e5fdf23f267a0d6c3aa8495c4c83f20153025
diff --git a/src/nfc/tags/rw_t2t_ndef.c b/src/nfc/tags/rw_t2t_ndef.c
index 83910e4..def45bb 100644
--- a/src/nfc/tags/rw_t2t_ndef.c
+++ b/src/nfc/tags/rw_t2t_ndef.c
@@ -585,7 +585,12 @@
break;
case TAG_LOCK_CTRL_TLV:
- p_t2t->bytes_count--;
+ if (p_t2t->bytes_count > 0) {
+ p_t2t->bytes_count--;
+ } else {
+ RW_TRACE_ERROR0("Underflow p_t2t->bytes_count!");
+ android_errorWriteLog(0x534e4554, "120506143");
+ }
if ((tlvtype == TAG_LOCK_CTRL_TLV) || (tlvtype == TAG_NDEF_TLV)) {
/* Collect Lock TLV */
p_t2t->tlv_value[2 - p_t2t->bytes_count] = p_data[offset];
@@ -633,7 +638,12 @@
break;
case TAG_MEM_CTRL_TLV:
- p_t2t->bytes_count--;
+ if (p_t2t->bytes_count > 0) {
+ p_t2t->bytes_count--;
+ } else {
+ RW_TRACE_ERROR0("bytes_count underflow!");
+ android_errorWriteLog(0x534e4554, "120506143");
+ }
if ((tlvtype == TAG_MEM_CTRL_TLV) || (tlvtype == TAG_NDEF_TLV)) {
p_t2t->tlv_value[2 - p_t2t->bytes_count] = p_data[offset];
if (p_t2t->bytes_count == 0) {
@@ -665,7 +675,12 @@
break;
case TAG_PROPRIETARY_TLV:
- p_t2t->bytes_count--;
+ if (p_t2t->bytes_count > 0) {
+ p_t2t->bytes_count--;
+ } else {
+ RW_TRACE_ERROR0("bytes_count underflow!");
+ android_errorWriteLog(0x534e4554, "120506143");
+ }
if (tlvtype == TAG_PROPRIETARY_TLV) {
found = true;
p_t2t->prop_msg_len = len;