[Pcsclite-cvs-commit] r5907 - /trunk/Drivers/ccid/src/commands.c
rousseau at users.alioth.debian.org
rousseau at users.alioth.debian.org
Wed Aug 24 09:07:21 UTC 2011
Author: rousseau
Date: Wed Aug 24 09:07:20 2011
New Revision: 5907
URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=5907
Log:
CCID_Transmit(): use a variable-length array
Use a VLA instead of static size of 65556 to limit stack consumption
Coverity: stack_use_local: Local variable "cmd" stack use: 65556 bytes
-> 65572 bytes total.
stack_use_overflow: The maximum stack use of 32768 bytes is exceeded.
Modified:
trunk/Drivers/ccid/src/commands.c
Modified: trunk/Drivers/ccid/src/commands.c
URL: http://svn.debian.org/wsvn/pcsclite/trunk/Drivers/ccid/src/commands.c?rev=5907&op=diff
==============================================================================
--- trunk/Drivers/ccid/src/commands.c (original)
+++ trunk/Drivers/ccid/src/commands.c Wed Aug 24 09:07:20 2011
@@ -1124,7 +1124,7 @@
RESPONSECODE CCID_Transmit(unsigned int reader_index, unsigned int tx_length,
const unsigned char tx_buffer[], unsigned short rx_length, unsigned char bBWI)
{
- unsigned char cmd[10+CMD_BUF_SIZE]; /* CCID + APDU buffer */
+ unsigned char cmd[10+tx_length]; /* CCID + APDU buffer */
_ccid_descriptor *ccid_descriptor = get_ccid_descriptor(reader_index);
status_t ret;
@@ -1178,13 +1178,6 @@
cmd[7] = bBWI; /* extend block waiting timeout */
cmd[8] = rx_length & 0xFF; /* Expected length, in character mode only */
cmd[9] = (rx_length >> 8) & 0xFF;
-
- /* check that the command is not too large */
- if (tx_length > CMD_BUF_SIZE)
- {
- DEBUG_CRITICAL2("TX Length too big: %d", tx_length);
- return IFD_NOT_SUPPORTED;
- }
memcpy(cmd+10, tx_buffer, tx_length);
More information about the Pcsclite-cvs-commit
mailing list