Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / bt / 2209109b8981c564961d35f760d03c9230665fe7
commit2209109b8981c564961d35f760d03c9230665fe7[log] [tgz]
authorBrian Delwiche <delwiche@google.com>Fri May 19 19:17:16 2023 +0000
committerPrashantsinh Parmar <prashantsinh.parmar@fairphone.partners>Mon Oct 09 23:44:20 2023 +0530
tree504b2b64a008657c86ca4dc5eaa1e0618c2192f9
parentbaf8421e88e5a0b2d067d0e2722f79b7792cabfe [diff]
Fix integer overflow in build_read_multi_rsp

Local variables tracking structure size in build_read_multi_rsp are of
uint16 type but accept a full uint16 range from function arguments while
appending a fixed-length offset.  This can lead to an integer overflow
and unexpected behavior.

Change the locals to size_t, and add a check during reasssignment.

Bug: 273966636
Test: atest bluetooth_test_gd_unit, net_test_stack_btm
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:53f64274cbf2268ad6db5af9c61ceead9ef64fb0)
Merged-In: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
Change-Id: Iff252f0dd06aac9776e8548631e0b700b3ed85b9

Change-Id: I209fe8c46f4c96da6dc99d3c32c2185ec3884bfe
1 file changed
tree: 504b2b64a008657c86ca4dc5eaa1e0618c2192f9
  1. apex/
  2. audio_a2dp_hw/
  3. audio_bluetooth_hw/
  4. audio_hal_interface/
  5. audio_hearing_aid_hw/
  6. binder/
  7. bta/
  8. btcore/
  9. btif/
  10. build/
  11. common/
  12. conf/
  13. device/
  14. doc/
  15. embdrv/
  16. gd/
  17. hci/
  18. include/
  19. internal_include/
  20. linux_include/
  21. main/
  22. osi/
  23. packet/
  24. profile/
  25. proto/
  26. service/
  27. stack/
  28. test/
  29. tools/
  30. types/
  31. udrv/
  32. utils/
  33. vendor_libs/
  34. vnd/
  35. .clang-format
  36. .gitignore
  37. .gn
  38. .style.yapf
  39. Android.bp
  40. AndroidTestTemplate.xml
  41. BUILD.gn
  42. CleanSpec.mk
  43. EventLogTags.logtags
  44. MODULE_LICENSE_APACHE2
  45. NOTICE
  46. OWNERS
  47. PREUPLOAD.cfg
  48. README.md
  49. TEST_MAPPING
README.md

Fluoride Bluetooth stack

Building and running on AOSP

Just build AOSP - Fluoride is there by default.

Building and running on Linux

Instructions for Ubuntu, tested on 14.04 with Clang 3.5.0 and 16.10 with Clang 3.8.0

Download source

mkdir ~/fluoride
cd ~/fluoride
git clone https://android.googlesource.com/platform/system/bt

Install dependencies (require sudo access):

cd ~/fluoride/bt
build/install_deps.sh

Then fetch third party dependencies:

cd ~/fluoride/bt
mkdir third_party
cd third_party
git clone https://github.com/google/googletest.git
git clone https://android.googlesource.com/platform/external/aac
git clone https://android.googlesource.com/platform/external/libchrome
git clone https://android.googlesource.com/platform/external/libldac
git clone https://android.googlesource.com/platform/external/modp_b64
git clone https://android.googlesource.com/platform/external/tinyxml2

And third party dependencies of third party dependencies:

cd fluoride/bt/third_party/libchrome/base/third_party
mkdir valgrind
cd valgrind
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT | base64 -d > valgrind.h
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT | base64 -d > memcheck.h

NOTE: If system/bt is checked out under AOSP, then create symbolic links instead of downloading sources

cd system/bt
mkdir third_party
cd third_party
ln -s ../../../external/aac aac
ln -s ../../../external/libchrome libchrome
ln -s ../../../external/libldac libldac
ln -s ../../../external/modp_b64 modp_b64
ln -s ../../../external/tinyxml2 tinyxml2
ln -s ../../../external/googletest googletest

Generate your build files

cd ~/fluoride/bt
gn gen out/Default

Build

cd ~/fluoride/bt
ninja -C out/Default all

This will build all targets (the shared library, executables, tests, etc) and put them in out/Default. To build an individual target, replace "all" with the target of your choice, e.g. ninja -C out/Default net_test_osi.

Run

cd ~/fluoride/bt/out/Default
LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride

Eclipse IDE Support

  1. Follows the Chromium project Eclipse Setup Instructions until "Optional: Building inside Eclipse" section (don't do that section, we will set it up differently)

  2. Generate Eclipse settings:

cd system/bt
gn gen --ide=eclipse out/Default

  1. In Eclipse, do File->Import->C/C++->C/C++ Project Settings, choose the XML location under system/bt/out/Default

  2. Right click on the project. Go to Preferences->C/C++ Build->Builder Settings. Uncheck "Use default build command", but instead using "ninja -C out/Default"

  3. Goto Behaviour tab, change clean command to "-t clean"