summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Mike Lockwood <lockwood@android.com> 2010-11-30 12:16:58 -0500
committer Mike Lockwood <lockwood@android.com> 2010-11-30 12:19:41 -0500
commit9dfc7de2cc3b552472f843e12ba229db0fd31fdf (patch)
tree00bd9add6a1b5bbcfb1f460c8ba06caf4e353932
parentc97e6f9f35290c078d6acfaa39c3790a327e5a17 (diff)
MTP: Make sure buffer is big enough before reading the data packet
Fixes buffer overflow when transferring large playlists. Change-Id: I1b7feaf9e56d849e5b6609f0f68a6aa5a3ae1ea8 Signed-off-by: Mike Lockwood <lockwood@android.com>
Diffstat
-rw-r--r--media/mtp/MtpDataPacket.cpp1
1 files changed, 1 insertions, 0 deletions
diff --git a/media/mtp/MtpDataPacket.cpp b/media/mtp/MtpDataPacket.cpp
index e1d1a928a284..eac1f7ed748f 100644
--- a/media/mtp/MtpDataPacket.cpp
+++ b/media/mtp/MtpDataPacket.cpp
@@ -351,6 +351,7 @@ int MtpDataPacket::read(int fd) {
return -1;
// then the following data
int total = MtpPacket::getUInt32(MTP_CONTAINER_LENGTH_OFFSET);
+ allocate(total);
int remaining = total - MTP_CONTAINER_HEADER_SIZE;
ret = ::read(fd, &mBuffer[0] + MTP_CONTAINER_HEADER_SIZE, remaining);
if (ret != remaining)
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-25 08:25:14 +0000