)]}'
{"id":"LineageOS%2Fandroid_packages_modules_Bluetooth~399434","triplet_id":"LineageOS%2Fandroid_packages_modules_Bluetooth~lineage-20.0~I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43","project":"LineageOS/android_packages_modules_Bluetooth","branch":"lineage-20.0","topic":"T_asb_2024-08","hashtags":[],"change_id":"I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43","subject":"Fix heap-buffer overflow in sdp_utils.cc","status":"MERGED","created":"2024-08-09 16:49:10.000000000","updated":"2024-08-12 11:57:13.000000000","submitted":"2024-08-12 11:57:13.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"399433-T_asb_2024-08","meta_rev_id":"1ecc058ec3666e0c96a75299476d510e3dd1c885","_number":399434,"virtual_id_number":399434,"owner":{"_account_id":15173,"name":"Kevin 
Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"_account_id":15173,"name":"Kevin 
Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"887c56b3438e42e28adec48387a536aeecd9ebbd","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin 
Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-08-09 16:49:10.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"1ecc058ec3666e0c96a75299476d510e3dd1c885","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-08-12 11:57:13.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"3e5374c94f4375f96b6ff3cd834efb2260694d82","revisions":{"90d511999494eb4c78c928020d2cb77429531e9c":{"kind":"REWORK","_number":1,"created":"2024-08-09 16:49:10.000000000","uploader":{"_account_id":15173,"name":"Kevin 
Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/34/399434/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/34/399434/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1 \u0026\u0026 git checkout -b change-399434 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"e942800d7be1ba4e4040359946f1cbf431aaa48c","subject":"Fix permission bypasses to multiple methods","web_links":[{"name":"GitHub","tooltip":"Open in 
GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/e942800d7be1ba4e4040359946f1cbf431aaa48c"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-04-22 17:21:30.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2024-08-09 16:25:21.000000000","tz":-360},"subject":"Fix heap-buffer overflow in sdp_utils.cc","message":"Fix heap-buffer overflow in sdp_utils.cc\n\nFuzzer identifies a case where sdpu_compare_uuid_with_attr crashes with\nan out of bounds comparison.  Although the bug claims this is due to a\ncomparison of a uuid with a smaller data field than the discovery\nattribute, my research suggests that this instead stems from a\ncomparison of a 128 bit UUID with a discovery attribute of some other,\ninvalid size.\n\nAdd checks for discovery attribute size.\n\nBug: 287184435\nTest: atest bluetooth_test_gd_unit, net_test_stack_sdp\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bbdb139bf91dca86c72c33a74c0e3407938c487)\nMerged-In: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43\nChange-Id: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/90d511999494eb4c78c928020d2cb77429531e9c"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/90d511999494eb4c78c928020d2cb77429531e9c"}]},"branch":"refs/heads/lineage-20.0"},"3e5374c94f4375f96b6ff3cd834efb2260694d82":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-08-12 11:57:13.000000000","uploader":{"_account_id":15173,"name":"Kevin 
Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/34/399434/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/34/399434/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2 \u0026\u0026 git checkout -b change-399434 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/34/399434/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"ed87ee31dc6b32ea0e99e863f51413d911f038e6","subject":"Fix permission bypasses to multiple methods","web_links":[{"name":"GitHub","tooltip":"Open in 
GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/ed87ee31dc6b32ea0e99e863f51413d911f038e6"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-04-22 17:21:30.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2024-06-06 00:20:49.000000000","tz":0},"subject":"Fix heap-buffer overflow in sdp_utils.cc","message":"Fix heap-buffer overflow in sdp_utils.cc\n\nFuzzer identifies a case where sdpu_compare_uuid_with_attr crashes with\nan out of bounds comparison.  Although the bug claims this is due to a\ncomparison of a uuid with a smaller data field than the discovery\nattribute, my research suggests that this instead stems from a\ncomparison of a 128 bit UUID with a discovery attribute of some other,\ninvalid size.\n\nAdd checks for discovery attribute size.\n\nBug: 287184435\nTest: atest bluetooth_test_gd_unit, net_test_stack_sdp\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bbdb139bf91dca86c72c33a74c0e3407938c487)\nMerged-In: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43\nChange-Id: I8e16ae525815bcdd47a2379ee8e5a6de47a3ac43\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/3e5374c94f4375f96b6ff3cd834efb2260694d82"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/3e5374c94f4375f96b6ff3cd834efb2260694d82"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}
