On Mon, Jul 17, 2017 at 08:47:25PM -0400, Jacob von Chorus wrote: > -static void readinfo_bitstream(char *bitdata, char *buf, int *offset) > +static int readinfo_bitstream(char *bitdata, char *buf, int size, int *offset) > { > char tbuf[64]; > s32 len; > @@ -59,9 +59,15 @@ static void readinfo_bitstream(char *bitdata, char *buf, int *offset) > read_bitstream(bitdata, tbuf, offset, 2); > > len = tbuf[0] << 8 | tbuf[1]; > + if ((len + 1) > size) { > + pr_err("error: readinfo buffer too small\n"); > + return -ETOOSMALL; Probably the correct error code is -EINVAL. I should have just said that in the first email. regards, dan carpenter _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel