An integer underflow vuln of nxp nfc hal library

Bug: 169258743 Test: build ok Change-Id: I98fbd6ac69ee89dadadae2f0553be47e3580a838
author: Alisher Alikhodjaev <alisher@google.com> 2020-10-22 16:13:41 -0700
committer: alk3pInjection <webmaster@raspii.tech> 2022-03-05 01:55:03 +0800
commit: fb114552d05b63dafad766a296d10affd6835997 (patch)
tree: aec492cf4d0767185af8d28eb754d8272f9d632c
parent: eb2b544996468c3e3cdb63e68e0e9efe84dc4cca (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc
index d1cc13c..3515234 100644
--- a/halimpl/hal/phNxpNciHal_ext.cc
+++ b/halimpl/hal/phNxpNciHal_ext.cc
@@ -194,6 +194,10 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
   status = NFCSTATUS_SUCCESS;
 
   if (bDisableLegacyMfcExtns && bEnableMfcExtns && p_ntf[0] == 0) {
+    if (*p_len < NCI_HEADER_SIZE) {
+      android_errorWriteLog(0x534e4554, "169258743");
+      return NFCSTATUS_FAILED;
+    }
     uint16_t extlen;
     extlen = *p_len - NCI_HEADER_SIZE;
     NxpMfcReaderInstance.AnalyzeMfcResp(&p_ntf[3], &extlen);
author	Alisher Alikhodjaev <alisher@google.com>	2020-10-22 16:13:41 -0700
committer	alk3pInjection <webmaster@raspii.tech>	2022-03-05 01:55:03 +0800
commit	fb114552d05b63dafad766a296d10affd6835997 (patch)
tree	aec492cf4d0767185af8d28eb754d8272f9d632c
parent	eb2b544996468c3e3cdb63e68e0e9efe84dc4cca (diff)