From a4e5f9c15087b61591b56894da1817db22572563 Mon Sep 17 00:00:00 2001
From: Tushar Janefalkar <tusharj@codeaurora.org>
Date: Wed, 14 Nov 2012 11:32:40 -0800
Subject: [PATCH] Add buffer length check for XTRA data

To prevent reading beyond the length of
the buffer that contains XTRA data, a
check has been introduced assuming an
approximate limit for the size of the
data

Change-Id: I7e05beadec76c3308448b9198fd23c8e8b97394d
CRs-fixed: 420623
---
 loc_api/libloc_api_50001/loc.cpp | 8 ++++++--
 loc_api/libloc_api_50001/loc.h   | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/loc_api/libloc_api_50001/loc.cpp b/loc_api/libloc_api_50001/loc.cpp
index 0a933af0..83249f40 100644
--- a/loc_api/libloc_api_50001/loc.cpp
+++ b/loc_api/libloc_api_50001/loc.cpp
@@ -801,8 +801,12 @@ SIDE EFFECTS
 static int loc_xtra_inject_data(char* data, int length)
 {
     ENTRY_LOG();
-    int ret_val = loc_eng_xtra_inject_data(loc_afw_data, data, length);
-
+    int ret_val = -1;
+    if( (data != NULL) && ((unsigned int)length <= XTRA_DATA_MAX_SIZE))
+        ret_val = loc_eng_xtra_inject_data(loc_afw_data, data, length);
+    else
+        LOC_LOGE("%s, Could not inject XTRA data. Buffer address: %p, length: %d",
+                 __func__, data, length);
     EXIT_LOG(%d, ret_val);
     return ret_val;
 }
diff --git a/loc_api/libloc_api_50001/loc.h b/loc_api/libloc_api_50001/loc.h
index 55456193..8f41659a 100644
--- a/loc_api/libloc_api_50001/loc.h
+++ b/loc_api/libloc_api_50001/loc.h
@@ -38,6 +38,8 @@ extern "C" {
 #include <hardware/gps.h>
 #include <gps_extended.h>
 
+#define XTRA_DATA_MAX_SIZE 100000 /*bytes*/
+
 typedef void (*loc_location_cb_ext) (UlpLocation* location, void* locExt);
 typedef void (*loc_sv_status_cb_ext) (GpsSvStatus* sv_status, void* svExt);
 typedef void* (*loc_ext_parser)(void* data);