Fixed that processing malformed PDUs stored in the intent caused crash.

The eported issue is that a malware can broadcast a DATA_SMS_RECEIVED intent with incorrect type of PDUs. The handling function in telephony will crash due to casting exception. The other change has already changed DATA_SMS_RECEIVED to a proected broadcast intent so ideally only system apps can send this intent. However, if the system app has a bug, this crash might still happen. bug: 22540754 Change-Id: I2cc3898b54ea3963500b4d825f07dcdb564861eb
author: Jack Yu <jackyu@google.com> 2015-07-31 15:13:39 -0700
committer: Jack Yu <jackyu@google.com> 2015-07-31 15:13:39 -0700
commit: efea96719708d3e1874ca372d574089cf84f2f57 (patch)
tree: d6520cd911d6117cc34f04f7fdd1f2955e5b7a58
parent: eff7f5f5760ecc2777994654f58392a38a1e62b2 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/location/GpsLocationProvider.java b/services/core/java/com/android/server/location/GpsLocationProvider.java
index f7e435ef29ff..57ca552d353e 100644
--- a/services/core/java/com/android/server/location/GpsLocationProvider.java
+++ b/services/core/java/com/android/server/location/GpsLocationProvider.java
@@ -490,6 +490,12 @@ public class GpsLocationProvider implements LocationProviderInterface {
 
     private void checkSmsSuplInit(Intent intent) {
         SmsMessage[] messages = Intents.getMessagesFromIntent(intent);
+
+        if (messages == null) {
+            Log.e(TAG, "Message does not exist in the intent.");
+            return;
+        }
+
         for (int i=0; i <messages.length; i++) {
             byte[] supl_init = messages[i].getUserData();
             native_agps_ni_message(supl_init,supl_init.length);
author	Jack Yu <jackyu@google.com>	2015-07-31 15:13:39 -0700
committer	Jack Yu <jackyu@google.com>	2015-07-31 15:13:39 -0700
commit	efea96719708d3e1874ca372d574089cf84f2f57 (patch)
tree	d6520cd911d6117cc34f04f7fdd1f2955e5b7a58
parent	eff7f5f5760ecc2777994654f58392a38a1e62b2 (diff)