From 0d7e3d8fd96389f1435b76f37064c69ae61df6e7 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Mon, 21 Aug 2023 10:40:17 -0700
Subject: [PATCH] Fix an OOB bug in parse_gap_data

Bug: 277590580
bug: 275553827
Test: atest net_test_main_shim
Ignore-AOSP-First: security
Tag: #security
Merged-In: I7fcb7c46f668f48560a72399a3c5087c6da3827f
Change-Id: I7fcb7c46f668f48560a72399a3c5087c6da3827f
---
 system/main/shim/utils.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/system/main/shim/utils.cc b/system/main/shim/utils.cc
index dcf1725beb1..9f18ddc4f76 100644
--- a/system/main/shim/utils.cc
+++ b/system/main/shim/utils.cc
@@ -25,6 +25,10 @@ void parse_gap_data(const std::vector<uint8_t> &raw_data,
       hci::GapData gap_data;
       uint8_t len = raw_data[offset];
 
+      if (offset + len + 1 > raw_data.size()) {
+        break;
+      }
+
       auto begin = raw_data.begin() + offset;
       auto end = begin + len + 1;  // 1 byte for len
       auto data_copy = std::make_shared<std::vector<uint8_t>>(begin, end);
-- 
GitLab