From 655bb0371880ed25b2e842d05f6109c762f6348e Mon Sep 17 00:00:00 2001
From: Sarah Chin <sarahchin@google.com>
Date: Mon, 3 Feb 2020 12:38:02 -0800
Subject: [PATCH] matisse-common: libril: Fix OOB vulnerability in
 setGsm/CdmaSmsBroadcastConfigInfo

Error if length > 25

Test: lunch cf_x86_phone-userdebug && mm
Bug: 144046782
[haggertk: Header update only, code is in msm8226-common]
Change-Id: I18f9745174762a52fc20bfc7273c6b3fd2118da5

Change-Id: Ia6dcbbfe11f8c49e5f7c7949304b86034bb63d35
---
 include/telephony/ril.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/telephony/ril.h b/include/telephony/ril.h
index 9c935aa..7ccd368 100644
--- a/include/telephony/ril.h
+++ b/include/telephony/ril.h
@@ -108,6 +108,7 @@ extern "C" {
 #define MAX_BANDS 8
 #define MAX_CHANNELS 32
 #define MAX_RADIO_ACCESS_NETWORKS 8
+#define MAX_BROADCAST_SMS_CONFIG_INFO 25
 
 
 typedef void * RIL_Token;