From 7ce21c4281580833e2c11d3afb84739ec3bc1062 Mon Sep 17 00:00:00 2001
From: lee <lilong32@huawei.com>
Date: Mon, 21 Mar 2022 19:08:14 +0800
Subject: [PATCH] fixed e1e698b from
 https://gitee.com/lilong32/communication_bluetooth/pulls/120 fix hypercycle
 risk

Signed-off-by: lee <lilong32@huawei.com>
---
 .../ipc/src/bluetooth_remote_device_observer_stub.cpp      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/bluetooth_standard/ipc/src/bluetooth_remote_device_observer_stub.cpp b/services/bluetooth_standard/ipc/src/bluetooth_remote_device_observer_stub.cpp
index 78d5bc72..c4c951e5 100644
--- a/services/bluetooth_standard/ipc/src/bluetooth_remote_device_observer_stub.cpp
+++ b/services/bluetooth_standard/ipc/src/bluetooth_remote_device_observer_stub.cpp
@@ -18,6 +18,7 @@
 
 namespace OHOS {
 namespace Bluetooth {
+constexpr int32_t UUID_SIZE_MAX = 1024;
 std::map<uint32_t, ErrCode (BluetoothRemoteDeviceObserverstub::*)(MessageParcel &data, MessageParcel &reply)>
     BluetoothRemoteDeviceObserverstub::memberFuncMap_ = {
         {static_cast<uint32_t>(IBluetoothRemoteDeviceObserver::Code::BT_REMOTE_DEVICE_OBSERVER_PSIR_STATUS),
@@ -79,6 +80,10 @@ ErrCode BluetoothRemoteDeviceObserverstub::OnRemoteNameUuidChangedInner(MessageP
 {
     sptr<BluetoothRawAddress> result = data.ReadParcelable<BluetoothRawAddress>();
     int32_t uuidSize = data.ReadInt32();
+    if (uuidSize > UUID_SIZE_MAX || uuidSize < 0) {
+        HILOGE("%{public}s, uuidSize = %{public}d exceeds the maximum 512.", __func__, uuidSize);
+        return TRANSACTION_ERR;
+    }
     std::vector<bluetooth::Uuid> uuids;
     for (int i = 0; i < uuidSize; ++i) {
         bluetooth::Uuid uuid = ParcelBtUuid::ReadFromParcel(data);
@@ -120,4 +125,4 @@ ErrCode BluetoothRemoteDeviceObserverstub::OnRemoteBatteryLevelChangedInner(Mess
     return NO_ERROR;
 }
 }  // namespace Bluetooth
-}  // namespace OHOS
\ No newline at end of file
+}  // namespace OHOS
-- 
Gitee