From 1d34b4b921cdac91116e456d97b57a1931e9e335 Mon Sep 17 00:00:00 2001 From: Mike Lockwood Date: Tue, 30 Nov 2010 12:16:58 -0500 Subject: MTP: Make sure buffer is big enough before reading the data packet Fixes buffer overflow when transferring large playlists. Change-Id: I1b7feaf9e56d849e5b6609f0f68a6aa5a3ae1ea8 Signed-off-by: Mike Lockwood --- media/mtp/MtpDataPacket.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'media/mtp') diff --git a/media/mtp/MtpDataPacket.cpp b/media/mtp/MtpDataPacket.cpp index e1d1a92..eac1f7e 100644 --- a/media/mtp/MtpDataPacket.cpp +++ b/media/mtp/MtpDataPacket.cpp @@ -351,6 +351,7 @@ int MtpDataPacket::read(int fd) { return -1; // then the following data int total = MtpPacket::getUInt32(MTP_CONTAINER_LENGTH_OFFSET); + allocate(total); int remaining = total - MTP_CONTAINER_HEADER_SIZE; ret = ::read(fd, &mBuffer[0] + MTP_CONTAINER_HEADER_SIZE, remaining); if (ret != remaining) -- cgit v1.1