Blame SOURCES/0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch
|
 |
c5a379 |
From 60b5598032b3c36660984e7d49a5ff929ecd6e26 Mon Sep 17 00:00:00 2001
|
|
|
c5a379 |
From: Richard Hughes <richard@hughsie.com>
|
|
|
c5a379 |
Date: Mon, 8 Feb 2021 18:41:45 +0000
|
|
|
c5a379 |
Subject: [PATCH 11/11] wacom-usb: Fix a buffer-overread spotted by
|
|
|
c5a379 |
AddressSanitizer
|
|
|
c5a379 |
|
|
|
c5a379 |
---
|
|
|
c5a379 |
plugins/wacom-usb/fu-wac-firmware.c | 2 +-
|
|
|
c5a379 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
c5a379 |
|
|
|
c5a379 |
diff --git plugins/wacom-usb/fu-wac-firmware.c plugins/wacom-usb/fu-wac-firmware.c
|
|
|
c5a379 |
index d3a41682..ae1e7cac 100644
|
|
|
c5a379 |
--- plugins/wacom-usb/fu-wac-firmware.c
|
|
|
c5a379 |
+++ plugins/wacom-usb/fu-wac-firmware.c
|
|
|
c5a379 |
@@ -65,7 +65,7 @@ fu_wac_firmware_parse (FuFirmware *firmware,
|
|
|
c5a379 |
guint cmdlen = strlen (lines[i]);
|
|
|
c5a379 |
|
|
|
c5a379 |
/* header info record */
|
|
|
c5a379 |
- if (memcmp (lines[i] + 2, "COM", 3) == 0) {
|
|
|
c5a379 |
+ if (cmdlen > 3 && memcmp (lines[i] + 2, "COM", 3) == 0) {
|
|
|
c5a379 |
guint8 header_image_cnt = 0;
|
|
|
c5a379 |
if (cmdlen != 40) {
|
|
|
c5a379 |
g_set_error (error,
|
|
|
c5a379 |
--
|
|
|
c5a379 |
2.29.2
|
|
|
c5a379 |
|