review.tizen.org Git - platform/core/api/bluetooth.git/commit

author	DoHyun Pyun <dh79.pyun@samsung.com>
	Fri, 28 Aug 2020 02:16:06 +0000 (11:16 +0900)
committer	DoHyun Pyun <dh79.pyun@samsung.com>
	Fri, 28 Aug 2020 02:16:06 +0000 (11:16 +0900)
commit	d049fd009159a204309d2c51319e13a25b08aa6b
tree	4fe7db7a642e26eeff344a06ad83c148603a0d72	tree \| snapshot
parent	9f189aa789ea2c35f6016a767bd209bcf4029c6d	commit \| diff

Prevent the heap buffer overflow

It is possible to occur the heap buffer overflow without
checking the length. So limit the maximum length for it.

==bluetooth-native-itc==12977==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xaf4531e0 at pc 0xb6a037eb bp 0xbedf4994 sp 0xbedf4560
READ of size 18 at 0xaf4531e0 thread T0
0xb6a037e8 in printf_common(void*, char const*, std::__va_list) /usr/src/debug/gcc-9.2.0/obj/armv7l-tizen-linux-gnueabi/libsanitizer/asan/../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:546
0xb6a0452e in __interceptor_vfprintf /usr/src/debug/gcc-9.2.0/obj/armv7l-tizen-linux-gnueabi/libsanitizer/asan/../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1720 (discriminator 10)
0xaf4531e0 is located 0 bytes to the right of 16-byte region [0xaf4531d0,0xaf4531e0)
0xb67ed18e in bt_adapter_get_local_oob_data /usr/src/debug/capi-network-bluetooth-0.5.3/src/bluetooth-adapter.c:1107
0xb6f68994 in ITc_bluetooth_adapter_bt_adapter_get_local_oob_data_p src/ITs-bluetooth-adapter.c:750

Change-Id: I719c97fd97f919a5376cd9fd7e633612b855655e
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>