espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-28 03:23:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bt/bluedroid): fixed possible OOB read in avrc_pars_vendor_cmd

Browse Source
This commit is contained in:
Jin Cheng
2026-03-10 08:43:56 +08:00
parent 661f1251b3
commit c53d05ae52
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c
+12 -8
View File
@@ -80,11 +80,13 @@ static tAVRC_STS avrc_pars_vendor_cmd(tAVRC_MSG_VENDOR *p_msg, tAVRC_COMMAND *p_
switch (p_result->pdu) {
case AVRC_PDU_GET_CAPABILITIES: /* 0x10 */
p_result->get_caps.capability_id = *p++;
if (!AVRC_IS_VALID_CAP_ID(p_result->get_caps.capability_id)) {
status = AVRC_STS_BAD_PARAM;
} else if (len != 1) {
if (len < 1) {
status = AVRC_STS_INTERNAL_ERR;
} else {
p_result->get_caps.capability_id = *p++;
if (!AVRC_IS_VALID_CAP_ID(p_result->get_caps.capability_id)) {
status = AVRC_STS_BAD_PARAM;
}
}
break;
@@ -96,11 +98,13 @@ static tAVRC_STS avrc_pars_vendor_cmd(tAVRC_MSG_VENDOR *p_msg, tAVRC_COMMAND *p_
break;
case AVRC_PDU_LIST_PLAYER_APP_VALUES: /* 0x12 */
p_result->list_app_values.attr_id = *p++;
if (!AVRC_IS_VALID_ATTRIBUTE(p_result->list_app_values.attr_id)) {
status = AVRC_STS_BAD_PARAM;
} else if (len != 1) {
if (len < 1) {
status = AVRC_STS_INTERNAL_ERR;
} else {
p_result->list_app_values.attr_id = *p++;
if (!AVRC_IS_VALID_ATTRIBUTE(p_result->list_app_values.attr_id)) {
status = AVRC_STS_BAD_PARAM;
}
}
break;