From c621375e83f070b3d377d97b66290e4db5831af1 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 16 Apr 2014 09:16:19 +0300
Subject: [PATCH] android/avctp: Add proper checks for invalid browsing PDUs

---
 android/avctp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/android/avctp.c b/android/avctp.c
index 4556ceb0a..94f84ad4d 100644
--- a/android/avctp.c
+++ b/android/avctp.c
@@ -814,10 +814,17 @@ static gboolean session_browsing_cb(GIOChannel *chan, GIOCondition cond,
 	if (ret <= 0)
 		goto failed;
 
+	if (ret < AVCTP_HEADER_LENGTH) {
+		error("Too small AVCTP packet");
+		goto failed;
+	}
+
 	avctp = (struct avctp_header *) buf;
 
-	if (avctp->packet_type != AVCTP_PACKET_SINGLE)
+	if (avctp->packet_type != AVCTP_PACKET_SINGLE) {
+		error("Invalid packet type");
 		goto failed;
+	}
 
 	operands = buf + AVCTP_HEADER_LENGTH;
 	ret -= AVCTP_HEADER_LENGTH;
-- 
2.47.3