mirrors/libfprint
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libfprint/libfprint.git synced 2025-11-15 07:38:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

uru4000: Fix integer overflow in imaging_run_state()

Browse Source 
‘img->key_number’ variable is originally from the device through bulk
endpoint of USB. The variable is immediately assigned to ‘buf[0]’ for
sending to control endpoint of the device. Here, integer overflow may
occur when the ‘img->key_number’ attempts to assign a value that is
outside of type range of ‘char’ to the ‘buf[0]’
This commit is contained in:
Seong-Joong Kim
2019-02-20 14:17:27 +09:00
parent 0714380360
commit ca26e85fd4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libfprint/drivers/uru4000.c
View File

@@ -710,7 +710,7 @@ static void imaging_run_state(fpi_ssm *ssm, struct fp_dev *_dev, void *user_data
uint32_t key;
uint8_t flags, num_lines;
int i, r, to, dev2;
char buf[5];
unsigned char buf[5];
switch (fpi_ssm_get_cur_state(ssm)) {
case IMAGING_CAPTURE: