From 86392f7d55c283a7f45253eefe2434e3f5afd7b3 Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Mon, 27 Oct 2014 21:52:38 -0400
Subject: cdrom_id: do not attempt to read past end of buffer

CID #1238437

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
---
 src/cdrom_id/cdrom_id.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/cdrom_id')

diff --git a/src/cdrom_id/cdrom_id.c b/src/cdrom_id/cdrom_id.c
index 4d0e6e073a..9b3ab7021e 100644
--- a/src/cdrom_id/cdrom_id.c
+++ b/src/cdrom_id/cdrom_id.c
@@ -610,7 +610,7 @@ static int cd_profiles(struct udev *udev, int fd)
                 switch (feature) {
                 case 0x00:
                         log_debug("GET CONFIGURATION: feature 'profiles', with %i entries", features[i+3] / 4);
-                        feature_profiles(udev, &features[i]+4, features[i+3]);
+                        feature_profiles(udev, &features[i]+4, MIN(features[i+3], len - i - 4));
                         break;
                 default:
                         log_debug("GET CONFIGURATION: feature 0x%04x <ignored>, with 0x%02x bytes", feature, features[i+3]);
-- 
cgit v1.2.3-54-g00ecf