Merge branch 'dev/11/fp3/security-aosp-rvc-release' into int/11/fp3
* dev/11/fp3/security-aosp-rvc-release:
Fix gatt_end_operation buffer overflow
Change-Id: Ib1a96649930d942fc63db754924ca28b5e0ad135
diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc
index 2bd4240..0130117 100644
--- a/stack/gatt/gatt_utils.cc
+++ b/stack/gatt/gatt_utils.cc
@@ -1198,6 +1198,13 @@
cb_data.att_value.handle = p_clcb->s_handle;
cb_data.att_value.len = p_clcb->counter;
+ if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
+ LOG(WARNING) << __func__
+ << StringPrintf(" Large cb_data.att_value, size=%d",
+ cb_data.att_value.len);
+ cb_data.att_value.len = GATT_MAX_ATTR_LEN;
+ }
+
if (p_data && p_clcb->counter)
memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
}