DivestOS/Patches/LineageOS-16.0/android_system_bt/334268.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Josh Wu <joshwu@google.com>
Date: Fri, 29 Apr 2022 00:02:23 -0700
Subject: [PATCH] Security: Fix out of bound read in AT_SKIP_REST

Bug: 220732646
Test: build
Tag: #security
Ignore-AOSP-First: Security bug
Change-Id: Ia49f26e4979f9e57c448190a52d0d01b70e342c4
(cherry picked from commit 4ce5a3c374fb5d24f367a202a6a3dcab4ba4dffd)
Merged-In: Ia49f26e4979f9e57c448190a52d0d01b70e342c4
---
 bta/hf_client/bta_hf_client_at.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bta/hf_client/bta_hf_client_at.cc b/bta/hf_client/bta_hf_client_at.cc
index 2e5a68b1a..ecdf0daec 100644
--- a/bta/hf_client/bta_hf_client_at.cc
+++ b/bta/hf_client/bta_hf_client_at.cc
@@ -787,9 +787,9 @@ void bta_hf_client_binp(tBTA_HF_CLIENT_CB* client_cb, char* number) {
   } while (0)
 
 /* skip rest of AT string up to <cr> */
-#define AT_SKIP_REST(buf)           \
-  do {                              \
-    while (*(buf) != '\r') (buf)++; \
+#define AT_SKIP_REST(buf)                             \
+  do {                                                \
+    while (*(buf) != '\r' && *(buf) != '\0') (buf)++; \
   } while (0)
 
 static char* bta_hf_client_parse_ok(tBTA_HF_CLIENT_CB* client_cb,
16.0: Import and verify picks https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev> 2024-05-07 23:13:31 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Josh Wu <joshwu@google.com>`
			`Date: Fri, 29 Apr 2022 00:02:23 -0700`
			`Subject: [PATCH] Security: Fix out of bound read in AT_SKIP_REST`

			`Bug: 220732646`
			`Test: build`
			`Tag: #security`
			`Ignore-AOSP-First: Security bug`
			`Change-Id: Ia49f26e4979f9e57c448190a52d0d01b70e342c4`
			`(cherry picked from commit 4ce5a3c374fb5d24f367a202a6a3dcab4ba4dffd)`
			`Merged-In: Ia49f26e4979f9e57c448190a52d0d01b70e342c4`
			`---`
			`bta/hf_client/bta_hf_client_at.cc \| 6 +++---`
			`1 file changed, 3 insertions(+), 3 deletions(-)`

			`diff --git a/bta/hf_client/bta_hf_client_at.cc b/bta/hf_client/bta_hf_client_at.cc`
			`index 2e5a68b1a..ecdf0daec 100644`
			`--- a/bta/hf_client/bta_hf_client_at.cc`
			`+++ b/bta/hf_client/bta_hf_client_at.cc`
			`@@ -787,9 +787,9 @@ void bta_hf_client_binp(tBTA_HF_CLIENT_CB* client_cb, char* number) {`
			`} while (0)`

			`/* skip rest of AT string up to <cr> */`
			`-#define AT_SKIP_REST(buf) \`
			`- do { \`
			`- while (*(buf) != '\r') (buf)++; \`
			`+#define AT_SKIP_REST(buf) \`
			`+ do { \`
			`+ while ((buf) != '\r' && (buf) != '\0') (buf)++; \`
			`} while (0)`

			`static char* bta_hf_client_parse_ok(tBTA_HF_CLIENT_CB* client_cb,`