Oliver Neukum <[email protected]> writes:
> @@ -185,9 +187,17 @@ static void wdm_in_callback(struct urb *urb)
> }
>
> desc->rerr = status;
> - desc->reslength = urb->actual_length;
> - memmove(desc->ubuf + desc->length, desc->inbuf, desc->reslength);
> - desc->length += desc->reslength;
> + if (length + desc->length > desc->wMaxCommand) {
> + /* The buffer would overflow */
> + set_bit(WDM_OVERFLOW, &desc->flags);
> + } else {
> + /* we may already be in overflow */
> + if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
> + memmove(desc->ubuf + desc->length, desc->inbuf,
> desc->reslength);
> + desc->length += length;
> + desc->reslength = length;
> + }
This is not OK. Should probably be
memmove(desc->ubuf + desc->length, desc->inbuf, length);
?
Bjørn
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
