Merge "Fix gatt_end_operation buffer overflow" into tm-dev

commit: e8779817c07d8e21bdc9f1522be6be86bc7a328a [log] [tgz]
author: Timothy Yiu <tyiu@google.com> Tue Apr 04 03:23:54 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Apr 04 03:23:54 2023 +0000
tree: d595c11931b5b0dbfdf9e94e18d2aa8fb52751a1
parent: 003c3d2765b0aa48bb474f1970df4310869aaf57 [diff]
parent: 7236e4492470e30c129d01d521a7d218494725b4 [diff]
diff --git a/system/stack/gatt/gatt_utils.cc b/system/stack/gatt/gatt_utils.cc
index 25f4e13..b43e2ba 100644
--- a/system/stack/gatt/gatt_utils.cc
+++ b/system/stack/gatt/gatt_utils.cc

@@ -1518,6 +1518,13 @@
       cb_data.att_value.handle = p_clcb->s_handle;
       cb_data.att_value.len = p_clcb->counter;
 
+      if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
+        LOG(WARNING) << __func__
+                     << StringPrintf(" Large cb_data.att_value, size=%d",
+                                     cb_data.att_value.len);
+        cb_data.att_value.len = GATT_MAX_ATTR_LEN;
+      }
+
       if (p_data && p_clcb->counter)
         memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
     }
commit	e8779817c07d8e21bdc9f1522be6be86bc7a328a	[log] [tgz]
author	Timothy Yiu <tyiu@google.com>	Tue Apr 04 03:23:54 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Apr 04 03:23:54 2023 +0000
tree	d595c11931b5b0dbfdf9e94e18d2aa8fb52751a1
parent	003c3d2765b0aa48bb474f1970df4310869aaf57 [diff]
parent	7236e4492470e30c129d01d521a7d218494725b4 [diff]