Diffstat (limited to '')
-rw-r--r--ChangeLog5
-rw-r--r--o3000.c9
-rw-r--r--o3000.h3
-rw-r--r--o3000_private.h7
-rw-r--r--o3000_xfer_handler.c9
5 files changed, 24 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index f1ec48c..afab5af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
- ChangeLog O-3000 Host Driver
-------------------------------------------------------------------------------
+Version 2.0.3
+ 2019-09-25 - SP
+ * Added "paranoia check" for wraparound_chunk_size check in handle_transfer().
+ * Moved macro definition of MAX_IMAGE_SIZE from o3000.c to o3000_private.h.
+
Version 2.0.2
2018-04-11-PR
* Function handle_transfer() rewritten:
diff --git a/o3000.c b/o3000.c
index 16b355f..89e6299 100644
--- a/o3000.c
+++ b/o3000.c
@@ -255,15 +255,8 @@ or a transfer may contain several frames.
/**
- * Maximum image size ever expected.
- *
- * @note The size must be a multiple of 512 bytes!
- */
-#define MAX_IMAGE_SIZE (1280*964*2+IMAGE_HEADER_SIZE)
-
-/**
* Minimum video cache size.
- * It's the double of the maximum image size ever expected.
+ * It's equal to the maximum image size which would appear.
*/
#define MIN_VIDEO_CACHE_SIZE (MAX_IMAGE_SIZE)
diff --git a/o3000.h b/o3000.h
index 8b297a6..274956e 100644
--- a/o3000.h
+++ b/o3000.h
@@ -36,7 +36,8 @@
/**
* O-3000 library version
*/
-#define O3000_VERSION "2.0.2"
+#define O3000_VERSION "2.0.3"
+
#define O3000_VID 0x0483 ///< O3000 vendor ID
#define O3000_PID 0xA098 ///< O3000 product ID
diff --git a/o3000_private.h b/o3000_private.h
index d6e3490..fb55ecf 100644
--- a/o3000_private.h
+++ b/o3000_private.h
@@ -40,6 +40,13 @@
#define FALSE 0 ///< FALSE value must be 0
+/**
+ * Maximum image size ever expected.
+ *
+ * @note The size must be a multiple of 512 bytes!
+ */
+#define MAX_IMAGE_SIZE (1280*964*2+IMAGE_HEADER_SIZE)
+
/**
* Image frame synchronization state
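Review bot: The `@note` that the size must be a multiple of 512 bytes is enforced only by a comment, and with this commit `MAX_IMAGE_SIZE` also becomes the upper bound in handle_transfer()'s wrap-around check, so a later change to the resolution or to `IMAGE_HEADER_SIZE` could silently break both. If the build allows C11, placing `_Static_assert((MAX_IMAGE_SIZE % 512) == 0, "MAX_IMAGE_SIZE must be a multiple of 512");` next to the definition would turn the note into a compile-time check. `IMAGE_HEADER_SIZE` is not defined in the visible lines, so this header presumably relies on it being defined before `MAX_IMAGE_SIZE` is expanded; that is worth confirming for every file that includes it.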
diff --git a/o3000_xfer_handler.c b/o3000_xfer_handler.c
index 0d3897b..d0cc73b 100644
--- a/o3000_xfer_handler.c
+++ b/o3000_xfer_handler.c
@@ -150,6 +150,15 @@ void handle_transfer(struct o3000_session_t *session, uint8_t *addr, int len) {
* to the video cache.
*/
wraparound_chunk_size = session->frame_size - (session->frame_buf - session->frame_start);
+ if(wraparound_chunk_size < 0 || wraparound_chunk_size > MAX_IMAGE_SIZE) {
+ /*
+ * Paranoia check:
+ * Ensure that the wraparound_chunk_size is always positive and does not exceed the end of the frame_buf.
+ * (Cases were noticed where the wraparound_chunk_size becomes negative.)
+ */
+ session->frame_state = IMG_FRAME_STATE_NOSYNC;
+ return;
+ }
o3000_log(session, O3000_LOG_DEBUG, "%s: wrap-around, copy %d bytes to frame buffer\n", __func__, wraparound_chunk_size);
memcpy(session->frame_buf, session->video_cache, wraparound_chunk_size);
}
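Review bot: The added guard bounds `wraparound_chunk_size` by the compile-time `MAX_IMAGE_SIZE`, not by the space actually left behind `session->frame_buf` or by the bytes valid in `session->video_cache`, so the comment's claim that the copy "does not exceed the end of the frame_buf" is not what the condition enforces. Since `frame_size` presumably originates from the image header sent by the device, it should be rejected when it exceeds `MAX_IMAGE_SIZE` at the point where it is parsed, and the check here should compare against the remaining destination and source capacity. A negative value means `frame_buf` had already advanced past `frame_start + frame_size`, so an earlier copy may have written beyond the frame before this check runs; that path lies outside the hunk and deserves the same bound. The reject branch returns silently, so adding `o3000_log(session, O3000_LOG_DEBUG, "%s: invalid wrap-around size %d, resync\n", __func__, wraparound_chunk_size);` (or a higher level, if the logger has one) before the `return` would make these resyncs visible. handle_transfer() starts and continues outside this hunk, and the `< 0` test is only effective if `wraparound_chunk_size` is declared with a signed type, which the hunk does not show.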