Prevent uncleared memory leaking in rw_i93.cc
Bug: 139738828
Test: manual
Merged-In: I4e330d4ad1380dbd1e695f81b8183ca8b182b114
Change-Id: I4e330d4ad1380dbd1e695f81b8183ca8b182b114
(cherry picked from commit aa578e007b6d535d78442a1e0ecdf61eb9888782)
diff --git a/src/nfc/tags/rw_i93.c b/src/nfc/tags/rw_i93.c
index cbce920..00417c2 100644
--- a/src/nfc/tags/rw_i93.c
+++ b/src/nfc/tags/rw_i93.c
@@ -2397,12 +2397,20 @@
}
/* get buffer to store CC, zero length NDEF TLV and Terminator TLV */
- p_i93->p_update_data = (uint8_t*)GKI_getbuf(RW_I93_FORMAT_DATA_LEN);
+ /* Block size could be either 4 or 8 or 16 or 32 bytes */
+ /* Get buffer for the largest block size I93_MAX_BLOCK_LENGH */
+ p_i93->p_update_data = (uint8_t*)GKI_getbuf(I93_MAX_BLOCK_LENGH);
if (!p_i93->p_update_data) {
RW_TRACE_ERROR0("rw_i93_sm_format (): Cannot allocate buffer");
rw_i93_handle_error(NFC_STATUS_FAILED);
break;
+ } else if (p_i93->block_size > RW_I93_FORMAT_DATA_LEN) {
+ /* Possible leaking information from previous NFC transactions */
+ /* Clear previous values */
+ memset(p_i93->p_update_data, I93_ICODE_TLV_TYPE_NULL,
+ I93_MAX_BLOCK_LENGH);
+ android_errorWriteLog(0x534e4554, "139738828");
}
p = p_i93->p_update_data;
