CVE-2023-35673

)]}’ { "commit": "8770c07c102c7fdc74626dc717acc8f6dd1c92cc", "tree": "65ca8d2ebb2e5ec339caef51f2adfaa4638e16bf", "parents": [ “668bbca29797728004d88db4c9b69102f3939008” ], "author": { "name": "Brian Delwiche", "email": "[email protected]", "time": “Tue Apr 18 23:58:50 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Fri Jul 14 17:32:08 2023 +0000” }, "message": "Fix integer overflow in build_read_multi_rsp\n\nLocal variables tracking structure size in build_read_multi_rsp are of\nuint16 type but accept a full uint16 range from function arguments while\nappending a fixed-length offset. This can lead to an integer overflow\nand unexpected behavior.\n\nChange the locals to size_t, and add a check during reasssignment.\n\nBug: 273966636\nTest: atest bluetooth_test_gd_unit, net_test_stack_btm\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from commit 70a4d628fa016a9487fae07f211644b95e1f0000)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:badb8ffce06b517cbcfdbfa68cb7b7e02d22494a)\nMerged-In: I3a74bdb0d003cb6bf4f282615be8c68836676715\nChange-Id: I3a74bdb0d003cb6bf4f282615be8c68836676715\n", "tree_diff": [ { "type": "modify", "old_id": "8e642d0cf803e37b04e9e5cc893560cdc45fd762", "old_mode": 33188, "old_path": "system/stack/gatt/gatt_sr.cc", "new_id": "0b60a6a8db91e9e1af0bc1f1426a73f50cfc2864", "new_mode": 33188, "new_path": “system/stack/gatt/gatt_sr.cc” } ] }