On 15/06/2016 18:16, P J P wrote:
> From: Prasad J Pandit <[email protected]>
>
> While doing DMA read into ESP command buffer 's->cmdbuf', the
> length parameter could exceed the buffer size. Add check to avoid
> OOB access. Also increase the command buffer size to 32, which
> is maximum when 's->do_cmd' is set.
Actually, the commit message is wrong. The length parameter cannot
exceed the buffer size anymore. Can you do a v4 with the corrected
commit message and an assert that avoids overflows like in Laszlo's
proposal? I think this:
assert (s->cmdlen <= sizeof(s->cmdbuf) &&
len <= sizeof(s->cmdbuf) - s->cmdlen);
would do.
Thanks,
Paolo
