drivers/usbdev/pl2303.c: Don't let maximum number of bytes in request…

… exceed CONFIG_PL2303_BULKIN_REQLEN The request length may not exceed CONFIG_PL2303_BULKIN_REQLEN, otherwise buffer overflow will occur Signed-off-by: Jukka Laitinen <[email protected]>
tiiuae · Oct 2, 2024 · 1a4bba5 · 1a4bba5
1 parent 31eb778
commit 1a4bba5
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/drivers/usbdev/pl2303.c b/drivers/usbdev/pl2303.c
@@ -636,7 +636,8 @@ static int usbclass_sndpacket(FAR struct pl2303_dev_s *priv)
 
   /* Get the maximum number of bytes that will fit into one bulk IN request */
 
-  reqlen = MAX(CONFIG_PL2303_BULKIN_REQLEN, ep->maxpacket);
+  reqlen = ep->maxpacket > CONFIG_PL2303_BULKIN_REQLEN ?
+             CONFIG_PL2303_BULKIN_REQLEN : ep->maxpacket;
 
   while (!sq_empty(&priv->reqlist))
     {