Prevent OOB read in rw_t4t.cc part 2
Bug: 120865977
Bug: 120274615
Bug: 124462242
Test: Read T4T Tag
Change-Id: I4d70537d71442205a9456c0ece7a836fa4473558
diff --git a/src/nfc/tags/rw_t4t.cc b/src/nfc/tags/rw_t4t.cc
index fd358eb..92ff5d9 100644
--- a/src/nfc/tags/rw_t4t.cc
+++ b/src/nfc/tags/rw_t4t.cc
@@ -1014,6 +1014,8 @@
rw_data.t4t_sw.sw1 = sw1;
rw_data.t4t_sw.sw2 = sw2;
+ rw_data.ndef.cur_size = 0;
+ rw_data.ndef.max_size = 0;
switch (p_t4t->state) {
case RW_T4T_STATE_DETECT_NDEF:
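Review bot: Zeroing only `ndef.cur_size` and `ndef.max_size` before the `switch` leaves any other member of `rw_data` that a later case does not assign holding whatever was on the stack, and the object is then presumably handed to the upper-layer callback. Clearing the whole object once, `memset(&rw_data, 0, sizeof(rw_data));` ahead of the `t4t_sw` assignments, would also cover fields added later. The declaration of `rw_data` and the rest of the function are outside the hunk. If `rw_data` is a union, the `ndef.*` writes share storage with `t4t_sw.sw1`/`sw2` set just above, so the layout should be checked to confirm the status words survive.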
@@ -1800,6 +1802,7 @@
p_r_apdu->len < T4T_RSP_STATUS_WORDS_SIZE) {
LOG(ERROR) << StringPrintf("%s incorrect p_r_apdu length", __func__);
android_errorWriteLog(0x534e4554, "120865977");
+ rw_t4t_handle_error(NFC_STATUS_FAILED, 0, 0);
GKI_freebuf(p_r_apdu);
return;
}
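Review bot: The new `rw_t4t_handle_error(NFC_STATUS_FAILED, 0, 0);` call on the short-length path has no comment saying why a malformed R-APDU must be reported, and the `0, 0` arguments read like real status words. I would add `/* R-APDU too short to hold SW1/SW2: fail the pending operation so the upper layer is notified; 0,0 are placeholders, not received status words */` above the call. The start of the `if` condition and the enclosing function are outside the hunk, so I could not check whether the other early-return paths report the error the same way.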