k2_fw_usb_api: prevent buffer overflow.

This was reproduced on intel USB 3.0 controller.
After getting corrupt packet we was jumping bejond allocated buffer.
Insted of oopsing we can at lest warn hier.

Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>

diff --git a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
index b8adbf43600c018df60ac93c4b48c2a8939a8553..0be8a8744ed0f89d5c11cd9085e33b7eea17efa8 100755 (executable)
--- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
+++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
@@ -452,6 +452,11 @@ void vUsb_Reg_Out_patch(void)
     
     // accumulate the size
     cmdLen += usbfifolen;
+    if (cmdLen > buf->desc_list->buf_size) {
+        A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!"
+                 " Drop it!\n");
+        goto ERR;
+    }
     
     // round it to alignment
     if(usbfifolen % 4)