Prevent OOB error for T2T read/writes
Bug: 112161557
Test: Tag reading, HCE
Merged-In: If170e107b172a590b53f916b12865a1839a25667
Change-Id: If170e107b172a590b53f916b12865a1839a25667
(cherry picked from commit 783bc0052f02c8672fe0b57d1cf94735e2a816c0)
diff --git a/src/nfc/tags/rw_t2t_ndef.c b/src/nfc/tags/rw_t2t_ndef.c
index 2752963..83910e4 100644
--- a/src/nfc/tags/rw_t2t_ndef.c
+++ b/src/nfc/tags/rw_t2t_ndef.c
@@ -22,6 +22,7 @@
* Reader/Writer mode.
*
******************************************************************************/
+#include <log/log.h>
#include <string.h>
#include "nfc_target.h"
@@ -606,6 +607,10 @@
/* Extract lockbytes info addressed by this Lock TLV */
xx = 0;
+ if (count > RW_T2T_MAX_LOCK_BYTES) {
+ count = RW_T2T_MAX_LOCK_BYTES;
+ android_errorWriteLog(0x534e4554, "112161557");
+ }
while (xx < count) {
p_t2t->lockbyte[p_t2t->num_lockbytes].tlv_index =
p_t2t->num_lock_tlvs;