summaryrefslogtreecommitdiff
path: root/drivers/fpga/altera-fpga2sdram.c
diff options
context:
space:
mode:
authorJann Horn <jannh@google.com>2025-02-12 19:15:16 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-02-14 09:22:15 +0100
commit12e712964f41d05ae034989892de445781c46730 (patch)
treed7eab502904e2d60a03df0a20e6aebd7694e5795 /drivers/fpga/altera-fpga2sdram.c
parente563b01208f4d1f609bcab13333b6c0e24ce6a01 (diff)
usb: cdc-acm: Fix handling of oversized fragments
If we receive an initial fragment of size 8 bytes which specifies a wLength of 1 byte (so the reassembled message is supposed to be 9 bytes long), and we then receive a second fragment of size 9 bytes (which is not supposed to happen), we currently wrongly bypass the fragment reassembly code but still pass the pointer to the acm->notification_buffer to acm_process_notification(). Make this less wrong by always going through fragment reassembly when we expect more fragments. Before this patch, receiving an overlong fragment could lead to `newctrl` in acm_process_notification() being uninitialized data (instead of data coming from the device). Cc: stable <stable@kernel.org> Fixes: ea2583529cd1 ("cdc-acm: reassemble fragmented notifications") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/fpga/altera-fpga2sdram.c')
0 files changed, 0 insertions, 0 deletions