CVE-2023-35666

)]}’ { "commit": "b7ea57f620436c83a9766f928437ddadaa232e3a", "tree": "44210c93593b095aefa8e594538a82ed0f55242d", "parents": [ “8770c07c102c7fdc74626dc717acc8f6dd1c92cc” ], "author": { "name": "Brian Delwiche", "email": "[email protected]", "time": “Wed Mar 01 00:22:59 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Fri Jul 14 17:32:14 2023 +0000” }, "message": "Fix potential abort in btu_av_act.cc\n\nPartner analysis shows that bta_av_rc_msg does not respect handling\nestablished for a null browse packet, instead dispatching the null\npointer to bta_av_rc_free_browse_msg. Strictly speaking this does\nnot cause a UAF, as osi_free_and_reset will find the null and abort,\nbut it will lead to improper program termination.\n\nHandle the case instead.\n\nBug: 269253349\nTest: atest bluetooth_test_gd_unit\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d3ee136851de30261e56c62fbb488541dc564b94)\nMerged-In: I14dc4910476c733b246bcf7ff292afe9b7c0cc3d\nChange-Id: I14dc4910476c733b246bcf7ff292afe9b7c0cc3d\n", "tree_diff": [ { "type": "modify", "old_id": "10019e7edcfbe8bc414161c55065caff40a198a6", "old_mode": 33188, "old_path": "system/bta/av/bta_av_act.cc", "new_id": "dce4ea2012ed8268023a64c21c8ac0e46b465aaa", "new_mode": 33188, "new_path": “system/bta/av/bta_av_act.cc” } ] }