git-server-git.apps.pok.os.sepia.ceph.com Git

author	Ian Abbott <abbotti@mev.co.uk>
	Thu, 5 Feb 2026 13:39:49 +0000 (13:39 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 2 Apr 2026 12:39:21 +0000 (14:39 +0200)
commit	3fb43a7a5b44713f892c58ead2e5f3a1bc9f4ee7
tree	db1255f645437d0e0109de3ea84e9fdb4f5195f4	tree \| snapshot
parent	101ab946b79ad83b36d5cfd47de587492a80acf0	commit \| diff

comedi: me4000: Fix potential overrun of firmware buffer

`me4000_xilinx_download()` loads the firmware that was requested by
`request_firmware()`.  It is possible for it to overrun the source
buffer because it blindly trusts the file format.  It reads a data
stream length from the first 4 bytes into variable `file_length` and
reads the data stream contents of length `file_length` from offset 16
onwards.

Add a test to ensure that the supplied firmware is long enough to
contain the header and the data stream.  On failure, log an error and
return `-EINVAL`.

Note: The firmware loading was totally broken before commit ac584af59945
("staging: comedi: me4000: fix firmware downloading"), but that is the
most sensible target for this fix.

Fixes: ac584af59945 ("staging: comedi: me4000: fix firmware downloading")
Cc: stable <stable@kernel.org>
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Link: https://patch.msgid.link/20260205133949.71722-1-abbotti@mev.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>