From 573195b6d28da1a517913f362b0d13e68cfe0788 Mon Sep 17 00:00:00 2001
From: Arian <arian.kulmer@web.de>
Date: Mon, 18 Mar 2024 09:43:51 +0100
Subject: [PATCH] sm8450-common: udfps: Don't try to read with a negative
 length

Change-Id: If404b671eff00ac8281af2038a113519cd10cc9d
---
 udfps/UdfpsHandler.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/udfps/UdfpsHandler.cpp b/udfps/UdfpsHandler.cpp
index 0322204..c1cdd5e 100644
--- a/udfps/UdfpsHandler.cpp
+++ b/udfps/UdfpsHandler.cpp
@@ -77,7 +77,13 @@ static disp_event_resp* parseDispEvent(int fd) {
     struct disp_event_resp* response =
             reinterpret_cast<struct disp_event_resp*>(malloc(header.length));
     response->base = header;
+
     int dataLength = response->base.length - sizeof(response->base);
+    if (dataLength < 0) {
+        LOG(ERROR) << "invalid data length: " << response->base.length;
+        return nullptr;
+    }
+
     ssize_t dataSize = read(fd, &response->data, dataLength);
     if (dataSize < dataLength) {
         LOG(ERROR) << "unexpected display event data size: " << dataSize;