mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-03-14 10:21:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

avrcp_browsing_target: check input data length for SET BROWSED PLAYER command

Browse Source
This commit is contained in:
Milanka Ringwald 2024-11-06 14:49:30 +01:00 committed by Matthias Ringwald
parent c8fb77dd9c
commit 19dd59c8bc
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/classic/avrcp_browsing_target.c
View File

@ -185,10 +185,19 @@ static void avrcp_browsing_target_packet_handler(uint8_t packet_type, uint16_t c
}
case AVRCP_PDU_ID_SET_BROWSED_PLAYER:
// param length (2), player_id (2)
if ( (pos + 2) > size ){
avrcp_browsing_target_response_general_reject(browsing_connection, AVRCP_STATUS_INVALID_COMMAND);
break;
}
if (big_endian_read_16(packet, pos) != 2){
avrcp_browsing_target_response_general_reject(browsing_connection, AVRCP_STATUS_INVALID_COMMAND);
break;
}
if ( (pos + 4) > size ){
avrcp_browsing_target_response_general_reject(browsing_connection, AVRCP_STATUS_INVALID_PLAYER_ID);
break;
}
avrcp_browsing_target_emit_set_browsed_player(avrcp_target_context.browsing_avrcp_callback, channel, big_endian_read_16(packet, pos+2));
break;
default: