From 53090f76505d2109d86175f6d002b69996d90eea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?=
Date: Mon, 14 Sep 2015 01:27:38 +0200
Subject: [PATCH] Fix potential buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Slávek Banko
---
 kernel/kls_hdr/fmt_codec_hdr.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kernel/kls_hdr/fmt_codec_hdr.cpp b/kernel/kls_hdr/fmt_codec_hdr.cpp
index 9819504..33af0a0 100644
--- a/kernel/kls_hdr/fmt_codec_hdr.cpp
+++ b/kernel/kls_hdr/fmt_codec_hdr.cpp
@@ -283,7 +283,8 @@ bool fmt_codec::getHdrHead()
 bool done = false;
 s8 a, b;
 s8 x[2], y[2];
- s8 buff[80];
+ const u32 buffSize = 80;
+ s8 buff[buffSize];
 u32 count = 0;
 if(!frs.readK(hdr.sig, sizeof(hdr.sig)-1)) return false;
@@ -320,6 +321,9 @@ bool fmt_codec::getHdrHead()
 if(!frs.readK(&a, sizeof(s8))) return false;
 ++count;
+ if (count > buffSize-1) {
+ return false;
+ }
 }
 buff[count] = '\0';
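Review bot: The bound added after `++count` in the second hunk keeps `buff[count] = '\0'` after the loop inside the array, but the loop's opening lines are outside the hunk, so whether every per-byte store into `buff` is also covered cannot be confirmed from here. It is worth checking that no write to `buff[count]` sits between the increment and the new check. The condition would read more directly as `if (count >= buffSize) return false;`. A short comment such as `// reserve the last byte for the terminating NUL written after the loop` would record why only `buffSize-1` data bytes are accepted from the file.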