MTP: Make sure buffer is big enough before reading the data packet

Fixes buffer overflow when transferring large playlists.

Change-Id: I1b7feaf9e56d849e5b6609f0f68a6aa5a3ae1ea8
Signed-off-by: Mike Lockwood <lockwood@android.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/media/mtp/MtpDataPacket.cpp b/media/mtp/MtpDataPacket.cpp
index e1d1a92..eac1f7e 100644
--- a/media/mtp/MtpDataPacket.cpp
+++ b/media/mtp/MtpDataPacket.cpp
@@ -351,6 +351,7 @@ int MtpDataPacket::read(int fd) {
         return -1;
     // then the following data
     int total = MtpPacket::getUInt32(MTP_CONTAINER_LENGTH_OFFSET);
+    allocate(total);
     int remaining = total - MTP_CONTAINER_HEADER_SIZE;
     ret = ::read(fd, &mBuffer[0] + MTP_CONTAINER_HEADER_SIZE, remaining);
     if (ret != remaining)