On Sun, Oct 16, 2016 at 06:25:21PM +0200, Gerhard Sittig wrote: > Fix the array size check in the sigma_write_register() routine. The > 'len' parameter specifies the number of bytes to write, while the 'buf' > array holds one nibble per array item. > > The previous implementation (commit e8686e3ae36c1) switched to a > constant size and made the buffer large enough so that no existing > request would exceed the buffer, fixing an overflow that was present > before that commit. But the most recent size check was incomplete and > might erroneously succeed for larger amounts of write data. > > It's assumed that the issue which gets addressed here never occured in > practice. The constant-size buffer could hold up to 39 bytes of input > data in their transport representation, while the largest data that was > passed to the write routine is six bytes (trigger LUT params). > > Fixes: e8686e3ae36c1 "asix-sigma: Avoid use of variable length arrays" > > Signed-off-by: Gerhard Sittig <gerhard.sit...@gmx.net>
Merged, thanks! Uwe. -- http://hermann-uwe.de | http://randomprojects.org | http://sigrok.org ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ sigrok-devel mailing list sigrok-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sigrok-devel