Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed sdps crash for some size flash.bin
memcpy size can't exceed input memory buffer size. It is fix for 3f512a6 Signed-off-by: Frank Li <[email protected]>
- Loading branch information
1 parent
596831e
commit de317f5
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -78,6 +78,10 @@ int HIDReport::write(const void *p, size_t sz, uint8_t report_id) | |
| m_out_buff[0] = report_id; | ||
|
|
||
| size_t s = sz - off; | ||
| size_t copy_sz = s; | ||
|
|
||
| if (copy_sz > m_size_out) | ||
| copy_sz = m_size_out; | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. 
nxpfrankli
Author
Contributor
|
||
|
|
||
| /* | ||
| * The Windows HIDAPI is ver strict. It always require to send | ||
|
|
@@ -88,7 +92,8 @@ int HIDReport::write(const void *p, size_t sz, uint8_t report_id) | |
| if (s > m_size_out || report_id == 2) | ||
| s = m_size_out; | ||
|
|
||
| /* copy_sz can't be bigger then input data size, otherwise access unpaged memory */ | ||
| memcpy(m_out_buff.data() + m_size_payload, buff + off, copy_sz); | ||
|
|
||
| int ret = m_pdev->write(m_out_buff.data(), s + m_size_payload); | ||
|
|
||
|
|
||
@nxpfrankli this is done two lines below, instead now the report_id == 2 is skipped again.