Skip to content
Snippets Groups Projects
Commit d3ee1368 authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Fix potential abort in btu_av_act.cc 

Partner analysis shows that bta_av_rc_msg does not respect handling
established for a null browse packet, instead dispatching the null
pointer to bta_av_rc_free_browse_msg.  Strictly speaking this does
not cause a UAF, as osi_free_and_reset will find the null and abort,
but it will lead to improper program termination.

Handle the case instead.

Bug: 269253349
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I14dc4910476c733b246bcf7ff292afe9b7c0cc3d
parent e6d1eec3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment