Diff between bf1d6f9bed76ff803a6f369634568cde09d8f6ae and c621375e83f070b3d377d97b66290e4db5831af1
Changed Files
| File | Additions | Deletions | Status |
| android/avctp.c | +8 | -1 | modified |
Full Patch
diff --git a/android/avctp.c b/android/avctp.c
index 4556ceb..94f84ad 100644
--- a/android/avctp.c
+++ b/android/avctp.c
@@ -814,10 +814,17 @@ static gboolean session_browsing_cb(GIOChannel *chan, GIOCondition cond,
if (ret <= 0)
goto failed;
+ if (ret < AVCTP_HEADER_LENGTH) {
+ error("Too small AVCTP packet");
+ goto failed;
+ }
+
avctp = (struct avctp_header *) buf;
- if (avctp->packet_type != AVCTP_PACKET_SINGLE)
+ if (avctp->packet_type != AVCTP_PACKET_SINGLE) {
+ error("Invalid packet type");
goto failed;
+ }
operands = buf + AVCTP_HEADER_LENGTH;
ret -= AVCTP_HEADER_LENGTH;