This was reproduced on intel USB 3.0 controller.
After getting corrupt packet we was jumping bejond allocated buffer.
Insted of oopsing we can at lest warn hier.
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
// accumulate the size
cmdLen += usbfifolen;
// accumulate the size
cmdLen += usbfifolen;
+ if (cmdLen > buf->desc_list->buf_size) {
+ A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!"
+ " Drop it!\n");
+ goto ERR;
+ }
// round it to alignment
if(usbfifolen % 4)
// round it to alignment
if(usbfifolen % 4)