• Seong-Joong Kim's avatar
    uru4000: Fix integer overflow in imaging_run_state() · ca26e85f
    Seong-Joong Kim authored
    ‘img->key_number’ variable is originally from the device through bulk
    endpoint of USB. The variable is immediately assigned to ‘buf[0]’ for
    sending to control endpoint of the device. Here, integer overflow may
    occur when the ‘img->key_number’ attempts to assign a value that is
    outside of type range of ‘char’ to the ‘buf[0]’
uru4000.c 37.3 KB