
Merge pull request #1090 from szymonh/master

Prevent buffer overflow in bth_device.c
Ha Thach %!s(int64=4) %!d(string=hai) anos
pai
achega
7e6f954ffe
Modificáronse 1 ficheiros con 2 adicións e 2 borrados
  1. 2 2
      src/class/bth/bth_device.c

+ 2 - 2
src/class/bth/bth_device.c

@@ -214,14 +214,14 @@ bool btd_control_xfer_cb(uint8_t rhport, uint8_t stage, tusb_control_request_t c
     }
     else return false;
 
-    return tud_control_xfer(rhport, request, &_btd_itf.hci_cmd, request->wLength);
+    return tud_control_xfer(rhport, request, &_btd_itf.hci_cmd, sizeof(_btd_itf.hci_cmd));
   }
   else if ( stage == CONTROL_STAGE_DATA )
   {
     // Handle class request only
     TU_VERIFY(request->bmRequestType_bit.type == TUSB_REQ_TYPE_CLASS);
 
-    if (tud_bt_hci_cmd_cb) tud_bt_hci_cmd_cb(&_btd_itf.hci_cmd, request->wLength);
+    if (tud_bt_hci_cmd_cb) tud_bt_hci_cmd_cb(&_btd_itf.hci_cmd, tu_min16(request->wLength, sizeof(_btd_itf.hci_cmd)));
   }
 
   return true;
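Review bot: A setup packet whose wLength exceeds sizeof(_btd_itf.hci_cmd) now appears to be accepted and clamped rather than rejected, so in the CONTROL_STAGE_DATA branch `tud_bt_hci_cmd_cb` can be handed an HCI command cut off at the buffer size with no sign that bytes were dropped. Rejecting the oversized request before the transfer is queued, e.g. `TU_VERIFY(request->wLength <= sizeof(_btd_itf.hci_cmd));` ahead of the `tud_control_xfer` call, keeps the bound and makes the failure visible to the host; this assumes a false return from this callback fails the request, which is not shown here. If the callback trusts a length field inside the command itself, that field is presumably still unchecked against the clamped length it receives, which is worth documenting on the callback. btd_control_xfer_cb begins above the hunk, so the branch that reaches the first changed line could not be reviewed.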