“libtypec” is aimed to provide a generic interface abstracting all platform complexity for user space to develop tools for efficient USB-C port management. The library can also enable development of diagnostic and debug tools to debug system issues around USB-C/USB PD topology.
34
stars
4
forks
source link
sanity checking the size of the u_usb_if.buf[0] should be performed before reading data into u_usb_if.buf in function count_billbrd_if #24
In function count_billbrd_if the first read gets the size of the amount of data to be read. If this value is 0, then the size will be 0 - 1 cast to an unsigned char, so that's 255 and subsequent data read into buf + 1 will lead to a buffer overflow in buf[]. I realize this is probably not going to happen, but I think it would be prudent to check the size before reading into buf[] to avoid any potential buffer overflows.
Rajaram-Regupathy
commented
12 months ago
In function count_billbrd_if the first read gets the size of the amount of data to be read. If this value is 0, then the size will be 0 - 1 cast to an unsigned char, so that's 255 and subsequent data read into buf + 1 will lead to a buffer overflow in buf[]. I realize this is probably not going to happen, but I think it would be prudent to check the size before reading into buf[] to avoid any potential buffer overflows.