Prevent integer underflow in rw_t2t_handle_tlv_detect_rsp()

Bug: 121035711 Test: NFC Enable/Disable Change-Id: Ifa3e5fdf23f267a0d6c3aa8495c4c83f20153025 (cherry picked from commit e477a1c45b9f94b40540acc568eef2b8a2100d12)
author: George Chang <georgekgchang@google.com> 2019-01-09 14:18:51 +0800
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-03-15 23:11:25 +0000
commit: 1f83f1e9f35e2675ed02053bf76ab7e13f6c2078 (patch)
tree: fd8e00f58339b27ba9d9301af016e27a3b8f3e44
parent: 225cfb42c7067deff9af87bd213cf0675059e236 (diff)
download: libnfc-nci-1f83f1e9f35e2675ed02053bf76ab7e13f6c2078.tar.gz
1 files changed, 27 insertions, 3 deletions
diff --git a/src/nfc/tags/rw_t2t_ndef.c b/src/nfc/tags/rw_t2t_ndef.c
index 7bacc72..82e5131 100644
--- a/src/nfc/tags/rw_t2t_ndef.c
+++ b/src/nfc/tags/rw_t2t_ndef.c
@@ -647,7 +647,15 @@ static void rw_t2t_handle_tlv_detect_rsp (UINT8 *p_data)
                 break;
 
             case TAG_LOCK_CTRL_TLV:
-                p_t2t->bytes_count--;
+                if (p_t2t->bytes_count > 0)
+                {
+                  p_t2t->bytes_count--;
+                }
+                else
+                {
+                  RW_TRACE_ERROR0 ("Underflow p_t2t->bytes_count!");
+                  android_errorWriteLog(0x534e4554, "120506143");
+                }
                 if (  (tlvtype == TAG_LOCK_CTRL_TLV)
                     ||(tlvtype == TAG_NDEF_TLV)  )
                 {
@@ -694,7 +702,15 @@ static void rw_t2t_handle_tlv_detect_rsp (UINT8 *p_data)
                 break;
 
             case TAG_MEM_CTRL_TLV:
-                p_t2t->bytes_count--;
+                if (p_t2t->bytes_count > 0)
+                {
+                  p_t2t->bytes_count--;
+                }
+                else
+                {
+                  RW_TRACE_ERROR0 ("Underflow p_t2t->bytes_count!");
+                  android_errorWriteLog(0x534e4554, "120506143");
+                }
                 if (  (tlvtype == TAG_MEM_CTRL_TLV)
                     ||(tlvtype == TAG_NDEF_TLV)  )
                 {
@@ -729,7 +745,15 @@ static void rw_t2t_handle_tlv_detect_rsp (UINT8 *p_data)
                 break;
 
             case TAG_PROPRIETARY_TLV:
-                p_t2t->bytes_count--;
+                if (p_t2t->bytes_count > 0)
+                {
+                  p_t2t->bytes_count--;
+                }
+                else
+                {
+                  RW_TRACE_ERROR0 ("Underflow p_t2t->bytes_count!");
+                  android_errorWriteLog(0x534e4554, "120506143");
+                }
                 if (tlvtype == TAG_PROPRIETARY_TLV)
                 {
                     found = TRUE;
author	George Chang <georgekgchang@google.com>	2019-01-09 14:18:51 +0800
committer	android-build-team Robot <android-build-team-robot@google.com>	2019-03-15 23:11:25 +0000
commit	1f83f1e9f35e2675ed02053bf76ab7e13f6c2078 (patch)
tree	fd8e00f58339b27ba9d9301af016e27a3b8f3e44
parent	225cfb42c7067deff9af87bd213cf0675059e236 (diff)
download	libnfc-nci-1f83f1e9f35e2675ed02053bf76ab7e13f6c2078.tar.gz