diff options
author | Jizhou Liao <Jizhou.Liao@nxp.com> | 2016-06-15 15:08:53 -0700 |
---|---|---|
committer | Jizhou Liao <Jizhou.Liao@nxp.com> | 2016-06-15 15:16:08 -0700 |
commit | 400d445b8fc35f9f15a037f8bf610ca3352e3f5f (patch) | |
tree | f2f34a690f69a0c6527365e36f12215dbac8a343 | |
parent | c0e3e1e612e0ec448c28e3e4fd0e8e26b91e2876 (diff) | |
download | libnfc-nci-400d445b8fc35f9f15a037f8bf610ca3352e3f5f.tar.gz |
Fix crash issue on reading ISO-15693 tag with more than 255 bytes NDef message.
There is a null pointer crash if the data of block doesn't contain
any NDef message data.
-rw-r--r-- | src/nfc/tags/rw_i93.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/nfc/tags/rw_i93.c b/src/nfc/tags/rw_i93.c index acdbcb7..cec6af9 100644 --- a/src/nfc/tags/rw_i93.c +++ b/src/nfc/tags/rw_i93.c @@ -1997,6 +1997,11 @@ void rw_i93_sm_read_ndef (BT_HDR *p_resp) p_i93->rw_length += p_resp->len; } + else + { + /* in case of no Ndef data included */ + p_resp->len = 0; + } /* if read all of NDEF data */ if (p_i93->rw_length >= p_i93->ndef_length) @@ -2019,7 +2024,10 @@ void rw_i93_sm_read_ndef (BT_HDR *p_resp) p_resp->len, p_i93->ndef_length); - (*(rw_cb.p_cback)) (RW_I93_NDEF_READ_EVT, &rw_data); + if (p_resp->len > 0) + { + (*(rw_cb.p_cback)) (RW_I93_NDEF_READ_EVT, &rw_data); + } /* this will make read data from next block */ p_i93->rw_offset += length; |