From 3a7b03f02235e955af6355dea2288d7732875109 Mon Sep 17 00:00:00 2001
From: Bastien Nocera
Date: Fri, 12 Oct 2018 12:27:37 +0200
Subject: [PATCH] lib: Fix crash when too many minutiae were detected
struct xyt_struct uses a fixed-sized array to fit MAX_BOZORTH_MINUTIAE (200) minutiae. MAX_FILE_MINUTIAE is 1000. So if we detected more than MAX_BOZORTH_MINUTIAE, we would crash copying the data from the capture to the structure.
We might want to use dynamically allocated arrays in the future (or bigger ones) so that we don't lose minutiae.
Closes: #116
---
 libfprint/fpi-img.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libfprint/fpi-img.c b/libfprint/fpi-img.c
index 8691bd6d..da112a47 100644
--- a/libfprint/fpi-img.c
+++ b/libfprint/fpi-img.c
@@ -269,9 +269,8 @@ static void minutiae_to_xyt(struct fp_minutiae *minutiae, int bwidth,
 struct minutiae_struct c[MAX_FILE_MINUTIAE];
 struct xyt_struct *xyt = (struct xyt_struct *) buf;
- /* FIXME: only considers first 150 minutiae (MAX_FILE_MINUTIAE) */
- /* nist does weird stuff with 150 vs 1000 limits */
- int nmin = min(minutiae->num, MAX_FILE_MINUTIAE);
+ /* struct xyt_struct uses arrays of MAX_BOZORTH_MINUTIAE (200) */
+ int nmin = min(minutiae->num, MAX_BOZORTH_MINUTIAE);
 for (i = 0; i < nmin; i++){
 minutia = minutiae->list[i];
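Review bot: The new cap on `nmin` silently discards every minutia past MAX_BOZORTH_MINUTIAE, and nothing in the hunk records that truncation happened, so a capture with more than 200 minutiae is now matched against a partial set with no trace for the caller or in the logs. The replacement comment only restates the array size; I would make the consequence explicit, e.g. `/* xyt_struct holds at most MAX_BOZORTH_MINUTIAE (200) entries; any further minutiae are discarded, see #116 */`. The fix also relies on MAX_BOZORTH_MINUTIAE not exceeding MAX_FILE_MINUTIAE, the size of the local `c[MAX_FILE_MINUTIAE]` array declared at the top of the hunk; that holds for the 200/1000 values given in the commit message but is not enforced, and a compile-time check such as `_Static_assert(MAX_BOZORTH_MINUTIAE <= MAX_FILE_MINUTIAE, "xyt cap exceeds c[] size");` (or the project's own static-assert helper, if it has one) would keep a later change to either constant from reintroducing the overflow. minutiae_to_xyt begins before the hunk and the loop body continues past it, so I cannot see whether `minutiae->num` is checked to be non-negative before it reaches `min()`.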