-rw-r--r--src/libirecovery.c34
1 files changed, 18 insertions, 16 deletions
diff --git a/src/libirecovery.c b/src/libirecovery.c
index 45447c0..f544fbd 100644
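--- a/src/libirecovery.c
+++ b/src/libirecovery.c
@@ -738,10 +738,10 @@ static int irecv_get_string_descriptor_ascii(irecv_client_t client, uint8_t desc
  unsigned short langid = 0;
  unsigned char data[256];
  int di, si;
- memset(data, 0, 256);
+ memset(data, 0, sizeof(data));
  memset(buffer, 0, size);
 
- ret = irecv_usb_control_transfer(client, 0x80, 0x06, (0x03 << 8) | desc_index, langid, data, 255, USB_TIMEOUT);
+ ret = irecv_usb_control_transfer(client, 0x80, 0x06, (0x03 << 8) | desc_index, langid, data, sizeof(data)-1, USB_TIMEOUT);
 
  if (ret < 0) return ret;
  if (data[1] != 0x03) return IRECV_E_UNKNOWN_ERROR;
@@ -928,8 +928,8 @@ static void irecv_copy_nonce_with_tag(irecv_client_t client, const char* tag, un
  *nonce = NULL;
  *nonce_size = 0;
 
- memset(buf, 0, 256);
- len = irecv_get_string_descriptor_ascii(client, 1, (unsigned char*) buf, 255);
+ memset(buf, 0, sizeof(buf));
+ len = irecv_get_string_descriptor_ascii(client, 1, (unsigned char*)buf, sizeof(buf)-1);
  if (len < 0) {
  debug("%s: got length: %d\n", __func__, len);
  return;
@@ -1717,8 +1717,8 @@ static irecv_error_t libusb_usb_open_handle_with_descriptor_and_ecid(irecv_clien
 
  if (client->mode != KIS_PRODUCT_ID) {
  char serial_str[256];
- memset(serial_str, 0, 256);
- irecv_get_string_descriptor_ascii(client, usb_descriptor->iSerialNumber, (unsigned char*)serial_str, 255);
+ memset(serial_str, 0, sizeof(serial_str));
+ irecv_get_string_descriptor_ascii(client, usb_descriptor->iSerialNumber, (unsigned char*)serial_str, sizeof(serial_str)-1);
  irecv_load_device_info_from_iboot_string(client, serial_str);
  }
 
@@ -2275,7 +2275,7 @@ static void* _irecv_handle_device_add(void *userdata)
  irecv_error_t error = 0;
  irecv_client_t client = NULL;
 
- memset(serial_str, 0, 256);
+ memset(serial_str, 0, sizeof(serial_str));
 #ifdef _WIN32
  struct irecv_win_dev_ctx *win_ctx = (struct irecv_win_dev_ctx*)userdata;
  PSP_DEVICE_INTERFACE_DETAIL_DATA_A details = win_ctx->details;
@@ -2422,7 +2422,7 @@ static void* _irecv_handle_device_add(void *userdata)
 
  product_id = client->mode;
  } else {
- libusb_error = libusb_get_string_descriptor_ascii(usb_handle, devdesc.iSerialNumber, (unsigned char*)serial_str, 255);
+ libusb_error = libusb_get_string_descriptor_ascii(usb_handle, devdesc.iSerialNumber, (unsigned char*)serial_str, sizeof(serial_str)-1);
  if (libusb_error < 0) {
  debug("%s: Failed to get string descriptor: %s\n", __func__, libusb_error_name(libusb_error));
  return 0;
@@ -3219,8 +3219,8 @@ static irecv_error_t irecv_get_status(irecv_client_t client, unsigned int* statu
  }
 
  unsigned char buffer[6];
- memset(buffer, '\0', 6);
- if (irecv_usb_control_transfer(client, 0xA1, 3, 0, 0, buffer, 6, USB_TIMEOUT) != 6) {
+ memset(buffer, '\0', sizeof(buffer));
+ if (irecv_usb_control_transfer(client, 0xA1, 3, 0, 0, buffer, sizeof(buffer), USB_TIMEOUT) != sizeof(buffer)) {
  *status = 0;
  return IRECV_E_USB_STATUS;
  }
@@ -3559,13 +3559,14 @@ irecv_error_t irecv_getenv(irecv_client_t client, const char* variable, char** v
  return error;
  }
 
- char* response = (char*) malloc(256);
+ int rsize = 256;
+ char* response = (char*) malloc(rsize);
  if (response == NULL) {
  return IRECV_E_OUT_OF_MEMORY;
  }
 
- memset(response, '\0', 256);
- irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, 255, USB_TIMEOUT);
+ memset(response, '\0', rsize);
+ irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, rsize-1, USB_TIMEOUT);
 
  *value = response;
 
@@ -3583,13 +3584,14 @@ irecv_error_t irecv_getret(irecv_client_t client, unsigned int* value)
 
  *value = 0;
 
- char* response = (char*) malloc(256);
+ int rsize = 256;
+ char* response = (char*) malloc(rsize);
  if (response == NULL) {
  return IRECV_E_OUT_OF_MEMORY;
  }
 
- memset(response, '\0', 256);
- irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, 255, USB_TIMEOUT);
+ memset(response, '\0', rsize);
+ irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, rsize-1, USB_TIMEOUT);
 
  *value = (unsigned int) *response;
 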
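Review bot: The return value of `irecv_usb_control_transfer` is still discarded on the resized calls in irecv_getenv (new line 3569) and irecv_getret (new line 3594), so a failed or timed-out transfer is indistinguishable from a device that answered with an empty string or zero. Since the buffer is filled by the attached device, I would capture the result and bail out on error, e.g. `int r = irecv_usb_control_transfer(..., rsize-1, USB_TIMEOUT);` followed by `if (r < 0) { free(response); return IRECV_E_USB_STATUS; }` (or whichever error code the project prefers here). In irecv_getret the following `*value = (unsigned int) *response;` reads through plain `char`, which sign-extends bytes of 0x80 and above on platforms where `char` is signed; `(unsigned int)(unsigned char) *response` avoids that. `rsize` would also read better as `const size_t rsize = 256;`, since it is passed to `malloc` and `memset`. Both function bodies continue past their hunks, so how `response` is released afterwards is not visible here.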