From 3fcd09602c0dfff8c0fafe6c4f9bba6b0fd72c30 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Mon, 27 Oct 2014 21:52:38 -0400 Subject: cdrom_id: do not attempt to read past end of buffer CID #1238437 --- src/udev/cdrom_id/cdrom_id.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/udev/cdrom_id') diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c index c93a7bf8d1..7a4b98726c 100644 --- a/src/udev/cdrom_id/cdrom_id.c +++ b/src/udev/cdrom_id/cdrom_id.c @@ -606,7 +606,7 @@ static int cd_profiles(struct udev *udev, int fd) switch (feature) { case 0x00: log_debug("GET CONFIGURATION: feature 'profiles', with %i entries", features[i+3] / 4); - feature_profiles(udev, &features[i]+4, features[i+3]); + feature_profiles(udev, &features[i]+4, MIN(features[i+3], len - i - 4)); break; default: log_debug("GET CONFIGURATION: feature 0x%04x , with 0x%02x bytes", feature, features[i+3]); -- cgit v1.2.3