Prevent Out of bound error in phNxpNciHal_process_ext_rsp
Bug: 118152591
Test: Nfc Enable/Disable, R/W, P2P
Merged-In: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
Change-Id: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
(cherry picked from commit 210180d4eb8971f74aa17d1677e97a342c29c7b1)
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index 646a07b..bc3f7ec 100755
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -12,8 +12,8 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- */#include <log/log.h>
-
+ */
+#include <log/log.h>
#include <phDal4Nfc_messageQueueLib.h>
#include <phNxpConfig.h>
#include <phNxpLog.h>
@@ -98,6 +98,15 @@
NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
NFCSTATUS status = NFCSTATUS_SUCCESS;
+ if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && *p_len < 14) {
+ if(*p_len <= 6) {
+ android_errorWriteLog(0x534e4554, "118152591");
+ }
+ NXPLOG_NCIHAL_E("RF_INTF_ACTIVATED_NTF length error!");
+ status = NFCSTATUS_FAILED;
+ return status;
+ }
+
if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && p_ntf[4] == 0x03 &&
p_ntf[5] == 0x05 && nxpprofile_ctrl.profile_type == EMV_CO_PROFILE) {
p_ntf[4] = 0xFF;
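Review bot: The added guard reads `p_ntf[0]` and `p_ntf[1]` before it looks at `*p_len`, so a buffer shorter than two bytes would still be indexed past its end, both here and in the EMV_CO check that follows. Whether callers guarantee a minimum length is not visible in this hunk; if they do not, a length test placed first, such as `if (*p_len < 2) return NFCSTATUS_FAILED;`, would close that gap. The thresholds `14` and `6` are bare literals, and the `android_errorWriteLog` event fires only for `*p_len <= 6` while lengths 7 to 13 are rejected without it. A short comment should say which RF_INTF_ACTIVATED_NTF fields need those lengths and why the two cut-offs differ. The function body continues past this hunk, and the new check covers only the `0x61 0x05` case, so any later fixed-offset reads for other packet types presumably need their own length tests.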