Prevent OOB read in rw_t4t.cc part 2 Bug: 120865977 Bug: 120274615 Bug: 124462242 Test: Read T4T Tag Change-Id: I4d70537d71442205a9456c0ece7a836fa4473558

commit: ea8d43c47462fda80359abf84c04a6cf7ce90f64 [log] [tgz]
author: George Chang <georgekgchang@google.com> Tue Jul 09 16:17:23 2019 +0800
committer: George Chang <georgekgchang@google.com> Tue Jul 09 10:14:10 2019 +0000
tree: d7ec5c1b9da124546a82f96b3a52e21f870510ed
parent: f83f9bc23d7a0b10df7fa9c705008fd29ad3bac5 [diff]
diff --git a/src/nfc/tags/rw_t4t.cc b/src/nfc/tags/rw_t4t.cc
index fd358eb..92ff5d9 100644
--- a/src/nfc/tags/rw_t4t.cc
+++ b/src/nfc/tags/rw_t4t.cc

@@ -1014,6 +1014,8 @@
 
     rw_data.t4t_sw.sw1 = sw1;
     rw_data.t4t_sw.sw2 = sw2;
+    rw_data.ndef.cur_size = 0;
+    rw_data.ndef.max_size = 0;
 
     switch (p_t4t->state) {
       case RW_T4T_STATE_DETECT_NDEF:
@@ -1800,6 +1802,7 @@
       p_r_apdu->len < T4T_RSP_STATUS_WORDS_SIZE) {
     LOG(ERROR) << StringPrintf("%s incorrect p_r_apdu length", __func__);
     android_errorWriteLog(0x534e4554, "120865977");
+    rw_t4t_handle_error(NFC_STATUS_FAILED, 0, 0);
     GKI_freebuf(p_r_apdu);
     return;
   }
commit	ea8d43c47462fda80359abf84c04a6cf7ce90f64	[log] [tgz]
author	George Chang <georgekgchang@google.com>	Tue Jul 09 16:17:23 2019 +0800
committer	George Chang <georgekgchang@google.com>	Tue Jul 09 10:14:10 2019 +0000
tree	d7ec5c1b9da124546a82f96b3a52e21f870510ed
parent	f83f9bc23d7a0b10df7fa9c705008fd29ad3bac5 [diff]