From be58445e9e2eb17d82710b5c8131afdc1099f512 Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Wed, 9 Nov 2016 20:23:40 +0000
Subject: Fix a possible NULL dereference when talking to Spark devices

This requires a malicious or corrupted USB response from the device. Found by Coverity.
---
 lib/ospark/osp-device.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/ospark/osp-device.c b/lib/ospark/osp-device.c
index 3b31c06..e3f9267 100644
--- a/lib/ospark/osp-device.c
+++ b/lib/ospark/osp-device.c
@@ -222,7 +222,10 @@ osp_device_query (GUsbDevice *device, OspCmd cmd,
 &actual_length, OSP_USB_TIMEOUT_MS, NULL, error))
 return FALSE;
- memcpy (*data_out + offset_wr, buffer_out, OSP_DEVICE_EP_SIZE);
+ if (data_out != NULL) {
+ memcpy (*data_out + offset_wr,
+ buffer_out, OSP_DEVICE_EP_SIZE);
+ }
 if (g_getenv ("SPARK_PROTOCOL_DEBUG") != NULL)
 cd_buffer_debug (CD_BUFFER_KIND_RESPONSE, buffer_out, OSP_DEVICE_EP_SIZE);
 offset_wr += 64;
--
cgit v1.2.1
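Review bot: The guarded `memcpy` still copies a fixed `OSP_DEVICE_EP_SIZE` bytes and never consults `actual_length`, so a short bulk read would copy stale `buffer_out` bytes into `*data_out` as if they were device data. The commit message itself treats the response as possibly malicious or corrupted, so I would fail the query before the copy when `actual_length != OSP_DEVICE_EP_SIZE`. The stride on the last context line is a literal, `offset_wr += 64;`, while the copy size is the macro; `offset_wr += OSP_DEVICE_EP_SIZE;` keeps the two from drifting apart. The allocation of `*data_out` and the loop bound lie outside this hunk, so it is worth confirming that `offset_wr + OSP_DEVICE_EP_SIZE` cannot exceed the allocated size if the packet count comes from a device-supplied length.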