Committer: Seong-Joong Kim
Date: 2019-02-21 10:06:06 UTC
Revision ID: git-v1:ca26e85fd4f42162657aee5a065e93a4cab2b052

uru4000: Fix integer overflow in imaging_run_state()

‘img->key_number’ variable is originally from the device through bulk
endpoint of USB. The variable is immediately assigned to ‘buf[0]’ for
sending to control endpoint of the device. Here, integer overflow may
occur when the ‘img->key_number’ attempts to assign a value that is
outside of type range of ‘char’ to the ‘buf[0]’
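
The narrowing the commit message describes, shown as an added example that is not libfprint code: a device-supplied value wider than one byte is copied into a `char` buffer, beside a range-checked form. The struct, the 16-bit width of `key_number` and all function names are assumptions of this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the header read from the bulk endpoint; the
 * 16-bit width of key_number is an assumption of this example. */
struct sample_image_hdr {
    uint16_t key_number;
};

/* Unchecked: the implicit conversion to char drops the high bits on common
 * compilers; where char is signed, out-of-range results are
 * implementation-defined. */
void fill_unchecked(char *buf, const struct sample_image_hdr *img)
{
    buf[0] = img->key_number;
}

/* Checked: refuse values that do not fit in one byte and keep the byte in an
 * unsigned buffer so 0x80..0xff are not reinterpreted as negative. */
int fill_checked(unsigned char *buf, const struct sample_image_hdr *img)
{
    if (img->key_number > UCHAR_MAX)
        return -1;
    buf[0] = (unsigned char)img->key_number;
    return 0;
}

/* Byte the unchecked path would place in the control transfer. */
unsigned unchecked_byte(uint16_t device_value)
{
    struct sample_image_hdr img = { device_value };
    char buf[1];
    fill_unchecked(buf, &img);
    return (unsigned char)buf[0];
}

int main(void)
{
    /* Constructed sample values, not captured from a device. */
    const uint16_t samples[] = { 0x0012, 0x00c8, 0x1234 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct sample_image_hdr img = { samples[i] };
        unsigned char out[1] = { 0 };
        int rc = fill_checked(out, &img);
        printf("0x%04x unchecked=0x%02x checked=%s\n", (unsigned)samples[i],
               unchecked_byte(samples[i]), rc == 0 ? "sent" : "rejected");
    }
    return 0;
}
```

Building with `-Wconversion` makes the compiler flag the assignment in `fill_unchecked`, which is a cheap way to find the same pattern elsewhere in a driver.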