jackcartersmith/blackmagic
1
0
Fork 0
Code Issues Pull Requests Releases Activity

usb: Prevent memcpy() being called with NULL arguments

Browse Source 
If there is no additional iface data then iface->extra is NULL and
iface->extralen is zero. Passing NULL to memcpy is undefined behaviour
even if the length of data to copy is zero. In other words a conforming
(debug) memcpy implementation is permitted to assert(dst && src) without
checking the value of n.

Add an extra branch to avoid this.
This commit is contained in:
Daniel Thompson 2014-12-05 08:48:59 +00:00 committed by Karl Palsson
parent 342ec6e9e3
commit 0b63408260
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/usb/usb_standard.c
View File

@ -93,12 +93,14 @@ static uint16_t build_config_descriptor(usbd_device *usbd_dev,
total += count;
totallen += iface->bLength;
/* Copy extra bytes (function descriptors). */
memcpy(buf, iface->extra,
count = MIN(len, iface->extralen));
buf += count;
len -= count;
total += count;
totallen += iface->extralen;
if (iface->extra) {
memcpy(buf, iface->extra,
count = MIN(len, iface->extralen));
buf += count;
len -= count;
total += count;
totallen += iface->extralen;
}
/* For each endpoint... */
for (k = 0; k < iface->bNumEndpoints; k++) {
const struct usb_endpoint_descriptor *ep =