Merge "OOBW in phNxpNciHal_process_ext_rsp" am: c3dff5c1d4 am: 8a8b1775df
Original change: https://android-review.googlesource.com/c/platform/hardware/nxp/nfc/+/2047664
Change-Id: Ifed08c0b9223d9d018e962d5f92080765756afc7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/snxxx/halimpl/hal/phNxpNciHal_ext.cc b/snxxx/halimpl/hal/phNxpNciHal_ext.cc
index bb7f5db..6b6b6a7 100755
--- a/snxxx/halimpl/hal/phNxpNciHal_ext.cc
+++ b/snxxx/halimpl/hal/phNxpNciHal_ext.cc
@@ -346,6 +346,11 @@
icode_send_eof = 0;
}
if (nxpncihal_ctrl.nci_info.nci_version != NCI_VERSION_2_0) {
+ if (*p_len <= (p_ntf[2] + 2)) {
+ android_errorWriteLog(0x534e4554, "181660091");
+ NXPLOG_NCIHAL_E("length error!");
+ return NFCSTATUS_FAILED;
+ }
if (p_ntf[p_ntf[2] + 2] == 0x00) {
NXPLOG_NCIHAL_D("> Going through workaround - data of ISO 15693");
p_ntf[2]--;
@@ -363,8 +368,8 @@
if (nfcFL.chipType < sn100u) icode_send_eof = 0;
} else if (*p_len == 4 && p_ntf[0] == 0x40 && p_ntf[1] == 0x02 &&
p_ntf[2] == 0x01 && p_ntf[3] == 0x06) {
- NXPLOG_NCIHAL_D("> Deinit workaround for LLCP set_config 0x%x 0x%x 0x%x",
- p_ntf[21], p_ntf[22], p_ntf[23]);
+ /* NXPLOG_NCIHAL_D("> Deinit workaround for LLCP set_config 0x%x 0x%x 0x%x",
+ p_ntf[21], p_ntf[22], p_ntf[23]); */
p_ntf[0] = 0x40;
p_ntf[1] = 0x02;
p_ntf[2] = 0x02;