[Pkg-running-devel] Bug#816314: Fix patch for 816314.

[Fenix]

Dear maintainer:

As the new version didn't fix this bug, I looked to the code and I find 
the problem (at least for me, but I really don't know how this error has 
been hidden just now. Maybe the old libusb masked the error in the code?).

The problem is in protocol.c

In the code:

--
case Tag_Appl_Prot_Id:
memset(datatypes,0,size * sizeof(uint16));
for ( j = i+1; p.packet.data[3*j] == Tag_Data_Type_Id; j++ ) {
datatypes[j-i-1] = get_uint16(p.packet.data + 3*j + 1);
}
--


The outing condition for the FOR loop throws the segmentation because 
didn't check the limit of j.


I fixed it checking first the counter 'j' and adjust it to the limit of 
the data.


--
case Tag_Appl_Prot_Id:
memset(datatypes,0,size * sizeof(uint16));
for ( j = i+1; (j<=size) && (p.packet.data[3*j] == Tag_Data_Type_Id); 
j++ ) {
datatypes[j-i-1] = get_uint16(p.packet.data + 3*j + 1);
}
--


I attach the patch file that fix this bug.

This is my first time I send a patch, so maybe it doesn't correct. If 
you need more information or anything else feel free to ask.


Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 816314_fix.patch
Type: text/x-patch
Size: 694 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-running-devel/attachments/20160406/c4b94044/attachment.bin>