Fix UAF in gatt_cl.cc
gatt_cl.cc accesses a header field after the buffer holding it may have been freed. Track the relevant state as a local variable instead. Bug: 274617156 Test: atest: bluetooth, validated against fuzzer Tag: #security Ignore-AOSP-First: Security Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
Loading
Please register or sign in to comment