diff options
Diffstat (limited to 'halimpl/hal/phNxpNciHal_ext.cc')
| -rw-r--r-- | halimpl/hal/phNxpNciHal_ext.cc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/halimpl/hal/phNxpNciHal_ext.cc b/halimpl/hal/phNxpNciHal_ext.cc index d08ca3d..2443ebe 100644 --- a/halimpl/hal/phNxpNciHal_ext.cc +++ b/halimpl/hal/phNxpNciHal_ext.cc @@ -329,6 +329,11 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) { } if(nxpncihal_ctrl.nci_info.nci_version != NCI_VERSION_2_0) { + if (*p_len <= (p_ntf[2] + 2)) { + android_errorWriteLog(0x534e4554, "181660091"); + NXPLOG_NCIHAL_E("length error!"); + return NFCSTATUS_FAILED; + } #if 0 /* this is work around added initially. not required now */ if (p_ntf[p_ntf[2] + 2] == 0x00) { NXPLOG_NCIHAL_D("> Data of ISO-15693"); @@ -347,8 +352,8 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) { icode_send_eof = 0; } else if (*p_len == 4 && p_ntf[0] == 0x40 && p_ntf[1] == 0x02 && p_ntf[2] == 0x01 && p_ntf[3] == 0x06) { - NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21], - p_ntf[22], p_ntf[23]); + /* NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21], + p_ntf[22], p_ntf[23]); */ p_ntf[0] = 0x40; p_ntf[1] = 0x02; p_ntf[2] = 0x02; |