wview: fix segmentation fault in WMR USB driver
authorJonas Gorski <jogo@openwrt.org>
Tue, 23 Apr 2013 09:17:07 +0000 (09:17 +0000)
committerJonas Gorski <jogo@openwrt.org>
Tue, 23 Apr 2013 09:17:07 +0000 (09:17 +0000)
Do not overflow the input buffer. This happens on slow hosts that take
long time to recompute the data on start.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
SVN-Revision: 36390

utils/wview/Makefile
utils/wview/patches/050-WMRUSB-fix-segfault-buffer-overflow.patch [new file with mode: 0644]

index 32e9de6595a4c06cad69155a39d6bae0ad9402e0..f231fa7edceac1b86c120ca5c9b935e854ab353a 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wview
 PKG_VERSION:=5.19.0-jgoerzen
-PKG_RELEASE=$(PKG_SOURCE_VERSION)-r1
+PKG_RELEASE=$(PKG_SOURCE_VERSION)-r2
 PKG_SOURCE_URL:=git://github.com/jgoerzen/wview.git
 PKG_SOURCE_VERSION:=7bfac6c11e756290c38e7b5862a4c51b6bc6c51e
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
diff --git a/utils/wview/patches/050-WMRUSB-fix-segfault-buffer-overflow.patch b/utils/wview/patches/050-WMRUSB-fix-segfault-buffer-overflow.patch
new file mode 100644 (file)
index 0000000..be518c6
--- /dev/null
@@ -0,0 +1,18 @@
+Index: wview-5.19.0-jgoerzen/stations/WMRUSB/wmrusbprotocol.c
+===================================================================
+--- wview-5.19.0-jgoerzen.orig/stations/WMRUSB/wmrusbprotocol.c        2013-03-10 22:24:28.000000000 +0400
++++ wview-5.19.0-jgoerzen/stations/WMRUSB/wmrusbprotocol.c     2013-03-10 22:25:01.000000000 +0400
+@@ -897,8 +897,11 @@
+ // Read raw USB data and buffer it for later processing:
+ void wmrReadData (WVIEWD_WORK *work, WMRUSB_MSG_DATA* msg)
+ {
+-    memcpy(&wmrWork.readData[wmrWork.readIndex], msg->data, msg->length);
+-    wmrWork.readIndex += msg->length;
++    if (wmrWork.readIndex + msg->length <= WMR_BUFFER_LENGTH)
++    {
++        memcpy(&wmrWork.readData[wmrWork.readIndex], msg->data, msg->length);
++        wmrWork.readIndex += msg->length;
++    }
+     return;
+ }