From ec1eda69b6e41cc7d5d2a520c87602e4dcd8353d Mon Sep 17 00:00:00 2001 From: Myles Watson Date: Tue, 8 Aug 2017 16:00:30 -0700 Subject: [PATCH] Bluetooth: Check the number of file descriptors Opening the serial port(s) returns -1 when it fails, check that the number of file descriptors is greater than 0 and less than the size of the array. Test: VtsHalBluetoothV1_0TargetTest, Bluetooth start/stop Bug: 64420262 Change-Id: Icbffa5bd8c02030e389bac03aa5e1e78cc3c6057 --- bluetooth/1.0/default/vendor_interface.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bluetooth/1.0/default/vendor_interface.cc b/bluetooth/1.0/default/vendor_interface.cc index ffc283e465..15b6c74532 100644 --- a/bluetooth/1.0/default/vendor_interface.cc +++ b/bluetooth/1.0/default/vendor_interface.cc @@ -226,6 +226,11 @@ bool VendorInterface::Open(InitializeCompleteCallback initialize_complete_cb, int fd_list[CH_MAX] = {0}; int fd_count = lib_interface_->op(BT_VND_OP_USERIAL_OPEN, &fd_list); + if (fd_count < 1 || fd_count > CH_MAX - 1) { + ALOGE("%s: fd_count %d is invalid!", __func__, fd_count); + return false; + } + for (int i = 0; i < fd_count; i++) { if (fd_list[i] == INVALID_FD) { ALOGE("%s: fd %d is invalid!", __func__, fd_list[i]);