USB: gadget: Read buffer overflow

Check whether index is within bounds before testing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB: gadget: Read buffer overflow
Check whether index is within bounds before testing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: David Brownell <david-b@pacbell.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
417b57b3 · Roel Kluin · Greg Kroah-Hartman · d0defb85 · 417b57b3
Commit 417b57b3 authored Aug 06, 2009 by Roel Kluin Committed by Greg Kroah-Hartman Sep 23, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/usb/gadget/composite.c drivers/usb/gadget/composite.c +1 -1

No files found.
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -602,7 +602,7 @@ static int get_string(struct usb_composite_dev *cdev,
 			}
 		}

-		for (len = 0; s->wData[len] && len <= 126; len++)
+		for (len = 0; len <= 126 && s->wData[len]; len++)
 			continue;
 		if (!len)
 			return -EINVAL;