MTP: Make sure buffer is big enough before reading the data packet Fixes buffer overflow when transferring large playlists. Change-Id: I1b7feaf9e56d849e5b6609f0f68a6aa5a3ae1ea8 Signed-off-by: Mike Lockwood <lockwood@android.com>

commit: 1d34b4b921cdac91116e456d97b57a1931e9e335 [log] [tgz]
author: Mike Lockwood <lockwood@android.com> Tue Nov 30 12:16:58 2010 -0500
committer: Mike Lockwood <lockwood@android.com> Tue Nov 30 12:19:41 2010 -0500
tree: 735567f60688e6e677acb1fe941b64a234990ee0
parent: 841af895d7f5051b9e96899710dba8d3fe2af1f2 [diff]
diff --git a/media/mtp/MtpDataPacket.cpp b/media/mtp/MtpDataPacket.cpp
index e1d1a92..eac1f7e 100644
--- a/media/mtp/MtpDataPacket.cpp
+++ b/media/mtp/MtpDataPacket.cpp

@@ -351,6 +351,7 @@
         return -1;
     // then the following data
     int total = MtpPacket::getUInt32(MTP_CONTAINER_LENGTH_OFFSET);
+    allocate(total);
     int remaining = total - MTP_CONTAINER_HEADER_SIZE;
     ret = ::read(fd, &mBuffer[0] + MTP_CONTAINER_HEADER_SIZE, remaining);
     if (ret != remaining)
commit	1d34b4b921cdac91116e456d97b57a1931e9e335	[log] [tgz]
author	Mike Lockwood <lockwood@android.com>	Tue Nov 30 12:16:58 2010 -0500
committer	Mike Lockwood <lockwood@android.com>	Tue Nov 30 12:19:41 2010 -0500
tree	735567f60688e6e677acb1fe941b64a234990ee0
parent	841af895d7f5051b9e96899710dba8d3fe2af1f2 [diff]