At Wed, 26 Oct 2011 15:15:24 +0200, Alexander Stein wrote:
Hello,
On Wednesday 26 October 2011 14:58:43 Takashi Iwai wrote:
At Wed, 26 Oct 2011 09:48:12 +0200,
Alexander Stein wrote:
If a line in the firmware file is larger than the given buffer size (and so the firmware file size), size is set to a value larger than the actual buffer size. This results in an overflow in the buffer passed. Fix this by copying only up to 127 chars per line.
Actually this check should have been
if (size > fw->size) size = fw->size;
Otherwise it doesn't make sense. If the change is OK, could you resend the patch with it?
IMO this check isn't even needed. This case should be catched by this check
for (len = 0; len < fw->size; len++) {
already. Opinions?
Right, it's superfluous. Let's get rid of it.
Takashi