On Sun, Oct 16, 2016 at 06:25:21PM +0200, Gerhard Sittig wrote:
> Fix the array size check in the sigma_write_register() routine.  The
> 'len' parameter specifies the number of bytes to write, while the 'buf'
> array holds one nibble per array item.
> The previous implementation (commit e8686e3ae36c1) switched to a
> constant size and made the buffer large enough so that no existing
> request would exceed the buffer, fixing an overflow that was present
> before that commit.  But the most recent size check was incomplete and
> might erroneously succeed for larger amounts of write data.
> It's assumed that the issue which gets addressed here never occured in
> practice.  The constant-size buffer could hold up to 39 bytes of input
> data in their transport representation, while the largest data that was
> passed to the write routine is six bytes (trigger LUT params).
> Fixes: e8686e3ae36c1 "asix-sigma: Avoid use of variable length arrays"
> Signed-off-by: Gerhard Sittig <gerhard.sit...@gmx.net>

Merged, thanks!

http://hermann-uwe.de | http://randomprojects.org | http://sigrok.org

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
sigrok-devel mailing list

Reply via email to