Merge "Prevent infinite loop on zero length USB descriptors" am: a40c30d172 am: ff3df3f1d7 Change-Id: Ie6c52366aa19fcf55e891f655f534939f128251d

commit: eb4725c20a5ac458769b9c28e719f0a1f2c9f761 [log] [tgz]
author: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Sat Feb 22 19:07:53 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Sat Feb 22 19:07:53 2020 +0000
tree: 553e03e8dfdf4d8a045133f96255023067179376
parent: 685a5c497898efa10c89d59a1b05113a6833a29b [diff]
parent: ff3df3f1d772e467506f6b9b7089b545527b0312 [diff]
diff --git a/libusbhost/usbhost.c b/libusbhost/usbhost.c
index 415488f..3bed0e3 100644
--- a/libusbhost/usbhost.c
+++ b/libusbhost/usbhost.c

@@ -597,6 +597,11 @@
     if (iter->curr_desc >= iter->config_end)
         return NULL;
     next = (struct usb_descriptor_header*)iter->curr_desc;
+    // Corrupt descriptor with zero length, cannot continue iterating
+    if (next->bLength == 0) {
+       D("usb_descriptor_iter_next got zero length USB descriptor, ending iteration\n");
+       return NULL;
+    }
     iter->curr_desc += next->bLength;
     return next;
 }
commit	eb4725c20a5ac458769b9c28e719f0a1f2c9f761	[log] [tgz]
author	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Sat Feb 22 19:07:53 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Sat Feb 22 19:07:53 2020 +0000
tree	553e03e8dfdf4d8a045133f96255023067179376
parent	685a5c497898efa10c89d59a1b05113a6833a29b [diff]
parent	ff3df3f1d772e467506f6b9b7089b545527b0312 [diff]