diff options
author | Jizhou Liao <Jizhou.Liao@nxp.com> | 2016-06-15 15:08:53 -0700 |
---|---|---|
committer | Martijn Coenen <maco@google.com> | 2016-07-20 10:11:05 +0200 |
commit | e1e11dc29f1a81d3039c0cfd395d3a1289fc2559 (patch) | |
tree | 551b4b7b4e137cfe98facb98dbcd4191af4a54ea | |
parent | 0b849e3a0517f8e0caab8812d95d6a56f8709007 (diff) | |
download | libnfc-nci-e1e11dc29f1a81d3039c0cfd395d3a1289fc2559.tar.gz |
Fix ISO15693 crash with >= 255 bytes NDef message.
There is a null pointer crash if the data of block doesn't contain
any NDef message data.
Bug: 30240338
Change-Id: Iff54f11b76317bac21f148bf9298ae8c3201093a
-rw-r--r-- | src/nfc/tags/rw_i93.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/nfc/tags/rw_i93.c b/src/nfc/tags/rw_i93.c index acdbcb7..cec6af9 100644 --- a/src/nfc/tags/rw_i93.c +++ b/src/nfc/tags/rw_i93.c @@ -1997,6 +1997,11 @@ void rw_i93_sm_read_ndef (BT_HDR *p_resp) p_i93->rw_length += p_resp->len; } + else + { + /* in case of no Ndef data included */ + p_resp->len = 0; + } /* if read all of NDEF data */ if (p_i93->rw_length >= p_i93->ndef_length) @@ -2019,7 +2024,10 @@ void rw_i93_sm_read_ndef (BT_HDR *p_resp) p_resp->len, p_i93->ndef_length); - (*(rw_cb.p_cback)) (RW_I93_NDEF_READ_EVT, &rw_data); + if (p_resp->len > 0) + { + (*(rw_cb.p_cback)) (RW_I93_NDEF_READ_EVT, &rw_data); + } /* this will make read data from next block */ p_i93->rw_offset += length; |