From 94998cc31c144acf580982308ae793959db2f00e Mon Sep 17 00:00:00 2001
From: Milanka Ringwald <mila@ringwald.ch>
Date: Fri, 24 Jan 2025 17:14:17 +0100
Subject: [PATCH] avrcp_target: check for Playing identifier in GetElementAttrs

---
 src/classic/avrcp_target.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/classic/avrcp_target.c b/src/classic/avrcp_target.c
index 80e74840e..3f3a87fdf 100644
--- a/src/classic/avrcp_target.c
+++ b/src/classic/avrcp_target.c
@@ -1260,8 +1260,13 @@ static void avrcp_handle_l2cap_data_packet_for_signaling_connection(avrcp_connec
                     }
 
                     uint8_t play_identifier[8];
-                    memcpy(play_identifier, &packet[pos], 8);
+                    memset(play_identifier, 0, 8);
+                    if (memcmp(&packet[pos], play_identifier, 8) != 0) {
+                        avrcp_target_response_vendor_dependent_reject(connection, pdu_id, AVRCP_STATUS_INVALID_PARAMETER);
+                        return;
+                    }
                     pos += 8;
+
                     uint8_t attribute_count = packet[pos++];
                     connection->next_attr_id = AVRCP_MEDIA_ATTR_NONE;
                     if (!attribute_count){