ShuriZma
/
pcsx2
mirror of https://github.com/PCSX2/pcsx2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

USB: Fix possible buffer overflow in webcam

This commit is contained in:
Stenzek 2024-01-27 17:49:07 +10:00 committed by Connor McLaughlin
parent e5bb405b47
commit c5a2844367
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pcsx2/USB/usb-eyetoy/usb-eyetoy-webcam.cpp
View File

@ -273,7 +273,7 @@ namespace usb_eyetoy
static void webcam_handle_data_eyetoy(USBDevice* dev, USBPacket* p) static void webcam_handle_data_eyetoy(USBDevice* dev, USBPacket* p)
{ {
EYETOYState* s = USB_CONTAINER_OF(dev, EYETOYState, dev); EYETOYState* s = USB_CONTAINER_OF(dev, EYETOYState, dev);
static const int max_ep_size = 896; static const unsigned int max_ep_size = 896;
uint8_t devep = p->ep->nr; uint8_t devep = p->ep->nr;
if (!s->hw_camera_running) if (!s->hw_camera_running)
@ -326,7 +326,7 @@ namespace usb_eyetoy
s->frame_step = 0; s->frame_step = 0;
} }
usb_packet_copy(p, data, max_ep_size); usb_packet_copy(p, data, std::min(max_ep_size, p->buffer_size));
} }
else if (devep == 2) else if (devep == 2)
{ {
@ -346,7 +346,7 @@ namespace usb_eyetoy
static void webcam_handle_data_ov511p(USBDevice* dev, USBPacket* p) static void webcam_handle_data_ov511p(USBDevice* dev, USBPacket* p)
{ {
EYETOYState* s = USB_CONTAINER_OF(dev, EYETOYState, dev); EYETOYState* s = USB_CONTAINER_OF(dev, EYETOYState, dev);
static const int max_ep_size = 960; // 961 static const unsigned int max_ep_size = 960; // 961
uint8_t devep = p->ep->nr; uint8_t devep = p->ep->nr;
if (!s->hw_camera_running) if (!s->hw_camera_running)
@ -397,7 +397,7 @@ namespace usb_eyetoy
s->frame_step = 0; s->frame_step = 0;
} }
usb_packet_copy(p, data, max_ep_size); usb_packet_copy(p, data, std::min(max_ep_size, p->buffer_size));
} }
break; break;
case USB_TOKEN_OUT: case USB_TOKEN_OUT: