)]}'
{"id":"LineageOS%2Fandroid_packages_modules_Bluetooth~410891","triplet_id":"LineageOS%2Fandroid_packages_modules_Bluetooth~lineage-20.0~I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404","project":"LineageOS/android_packages_modules_Bluetooth","branch":"lineage-20.0","topic":"T_asb_2024-12","attention_set":{},"removed_from_attention_set":{"15173":{"account":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"last_update":"2024-12-10 14:08:39.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404","subject":"Fix OOB writes in gatt_sr.cc","status":"MERGED","created":"2024-12-06 05:24:52.000000000","updated":"2024-12-10 14:08:39.000000000","submitted":"2024-12-10 14:08:39.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"410888-T_asb_2024-12","meta_rev_id":"4fe0d44c44b00cd332f8fd2ae57ee4022ee1c94e","_number":410891,"virtual_id_number":410891,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"approved":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"all":[{"value":2,"date":"2024-12-10 14:08:39.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2024-12-08 10:23:56.000000000","updated_by":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"reviewer":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"state":"REVIEWER"}],"messages":[{"id":"7f746466766f598c3587cad13e32fa2575582645","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-12-06 05:24:52.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"d1595c38f6047b853b4d7773780c7b57fae85668","author":{"_account_id":13648,"name":"Bruno Martins","email":"bgcngm@gmail.com","username":"bgcngm","avatars":[{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/3d939ee28d51d14e76de3a4510b309ce.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-12-08 10:23:56.000000000","message":"Patch Set 1: Code-Review+2 Verified+1","accounts_in_message":[],"_revision_number":1},{"id":"4fe0d44c44b00cd332f8fd2ae57ee4022ee1c94e","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-12-10 14:08:39.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"2a99f77c371caf1383f4e52ecd9a60fbe32f14b0","revisions":{"cc7420aeb3cba41d3b9d6bcfdfa8d56ef8d72292":{"kind":"REWORK","_number":1,"created":"2024-12-06 05:24:52.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/91/410891/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/91/410891/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1 \u0026\u0026 git checkout -b change-410891 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"521e65fdf6dd4d70d044c45c8e03da6f393b9329","subject":"Encrypt LE link immediately on reconnection","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/521e65fdf6dd4d70d044c45c8e03da6f393b9329"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-09-12 17:26:55.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2024-12-06 02:34:51.000000000","tz":-420},"subject":"Fix OOB writes in gatt_sr.cc","message":"Fix OOB writes in gatt_sr.cc\n\nAt various points in gatt_sr.cc, the output of the\ngatt_tcb_get_payload_size function is used without checking for a\npositive length.  However, in exceptional cases it is possible for the\nchannel to be closed at the time the function is called, which will lead\nto a zero length and cause an OOB write in subsequent processing.\n\nFix all of these.\n\nBug: 364026473\nBug: 364027038\nBug: 364027949\nBug: 364025411\nTest: m libbluetooth\nTest: researcher POC\nFlag: EXEMPT trivial validity checks\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from commit 7de5617f7d5266fe57c990c428621b5d4e92728a)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:61f6c95083aa98c597f1fdf7c871dd826e810f2b)\nMerged-In: I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404\nChange-Id: I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/cc7420aeb3cba41d3b9d6bcfdfa8d56ef8d72292"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/cc7420aeb3cba41d3b9d6bcfdfa8d56ef8d72292"}]},"branch":"refs/heads/lineage-20.0"},"2a99f77c371caf1383f4e52ecd9a60fbe32f14b0":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-12-10 14:08:39.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/91/410891/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/91/410891/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2 \u0026\u0026 git checkout -b change-410891 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/91/410891/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"e9571a01e475dba96f8c730f0355465f6f043aeb","subject":"Merge cherrypicks of [\u0027googleplex-android-review.googlesource.com/28505576\u0027, \u0027googleplex-android-review.googlesource.com/28904340\u0027, \u0027googleplex-android-review.googlesource.com/29360798\u0027] into security-aosp-tm-release.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/e9571a01e475dba96f8c730f0355465f6f043aeb"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-09-12 17:26:55.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2024-10-14 20:20:18.000000000","tz":0},"subject":"Fix OOB writes in gatt_sr.cc","message":"Fix OOB writes in gatt_sr.cc\n\nAt various points in gatt_sr.cc, the output of the\ngatt_tcb_get_payload_size function is used without checking for a\npositive length.  However, in exceptional cases it is possible for the\nchannel to be closed at the time the function is called, which will lead\nto a zero length and cause an OOB write in subsequent processing.\n\nFix all of these.\n\nBug: 364026473\nBug: 364027038\nBug: 364027949\nBug: 364025411\nTest: m libbluetooth\nTest: researcher POC\nFlag: EXEMPT trivial validity checks\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from commit 7de5617f7d5266fe57c990c428621b5d4e92728a)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:61f6c95083aa98c597f1fdf7c871dd826e810f2b)\nMerged-In: I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404\nChange-Id: I9b30499d4aed6ab42f3cdb2c0de7df2c1a827404\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/2a99f77c371caf1383f4e52ecd9a60fbe32f14b0"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/2a99f77c371caf1383f4e52ecd9a60fbe32f14b0"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}