From a8e5fe8a3cfeef8cdfcfc42abceb37a1766bf48f Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 15 Apr 2014 15:18:01 +0300
Subject: [PATCH] android/avrcp-lib: Fix NULL pointer dereference

In case parse_pdu fails it returns NULL so pdu must be set with operands
even though it contain an invalid PDU its buffer can be used.
---
 android/avrcp-lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c
index 5f7ca6b6a..73f827b4a 100644
--- a/android/avrcp-lib.c
+++ b/android/avrcp-lib.c
@@ -207,6 +207,7 @@ static ssize_t handle_vendordep_pdu(struct avctp *conn, uint8_t transaction,
 
 	pdu = parse_pdu(operands, operand_count);
 	if (!pdu) {
+		pdu = (void *) operands;
 		pdu->params[0] = AVRCP_STATUS_INVALID_COMMAND;
 		goto reject;
 	}
-- 
2.47.3