[media] firewire: firedtv-avc: fix more potential buffer overflow
authorDan Carpenter <dan.carpenter@oracle.com>
Tue, 9 Sep 2014 12:11:23 +0000 (09:11 -0300)
committerMauro Carvalho Chehab <mchehab@osg.samsung.com>
Tue, 23 Sep 2014 19:13:39 +0000 (16:13 -0300)
commit7ac95cf59d59473e680937319594ce0719497e98
treeb7cb5b002d0e71aacb17868f228d880cf8d5a2cb
parentcf3b576d52c1f0a204f0c8bdecc22a338f7ca5a4
[media] firewire: firedtv-avc: fix more potential buffer overflow

"program_info_length" is user controlled and can go up to 4095.  The
operand[] array has 509 bytes so we need to add a limit here to prevent
buffer overflows.

The " - 4" in the limit check is because we have 4 bytes more data to
add after the memcpy().

[mchehab@osg.samsung.com: as I merged the version 1 of the patch, I needed
 to rebase to apply just the differences between v1 and v2]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
drivers/media/firewire/firedtv-avc.c