diff options
| author | Richard Hughes <richard@hughsie.com> | 2016-11-09 20:23:40 +0000 |
|---|---|---|
| committer | Richard Hughes <richard@hughsie.com> | 2016-11-09 20:23:51 +0000 |
| commit | be58445e9e2eb17d82710b5c8131afdc1099f512 (patch) | |
| tree | 1ab81b8950e5f5837054ad871a7bb02f59f307a5 | |
| parent | 5cb72104199cf7745afdb1e5fd941d9072a867d8 (diff) | |
| download | colord-be58445e9e2eb17d82710b5c8131afdc1099f512.tar.gz | |
Fix a possible NULL dereference when talking to Spark devices
This requires a malicious or corrupted USB response from the device.
Found by Coverity.
| -rw-r--r-- | lib/ospark/osp-device.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/ospark/osp-device.c b/lib/ospark/osp-device.c index 3b31c06..e3f9267 100644 --- a/lib/ospark/osp-device.c +++ b/lib/ospark/osp-device.c @@ -222,7 +222,10 @@ osp_device_query (GUsbDevice *device, OspCmd cmd, &actual_length, OSP_USB_TIMEOUT_MS, NULL, error)) return FALSE; - memcpy (*data_out + offset_wr, buffer_out, OSP_DEVICE_EP_SIZE); + if (data_out != NULL) { + memcpy (*data_out + offset_wr, + buffer_out, OSP_DEVICE_EP_SIZE); + } if (g_getenv ("SPARK_PROTOCOL_DEBUG") != NULL) cd_buffer_debug (CD_BUFFER_KIND_RESPONSE, buffer_out, OSP_DEVICE_EP_SIZE); offset_wr += 64; |