On Sat, 18 Apr 2020 at 07:30, Chen Qun <kuhn.chen...@huawei.com> wrote:
>
> There is an overflow, the source 'datain.data[2]' is 100 bytes,
> but the 'ss' is 252 bytes. This may cause a security issue because
> we can access a lot of unrelated memory data.
>
> The len for sbp copy data should take the minimum of mx_sb_len and
> sb_len_wr, not the maximum.

Thanks, applied to master for 5.0.

-- PMM
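
The length clamp described in the quoted commit message, shown as an added example that is not code from this thread or from the patched project. The struct `sense_hdr`, the function names and the buffer sizes in `demo_copy` are assumptions constructed for illustration; only the field names `mx_sb_len`, `sb_len_wr` and `sbp` and the 100/252 byte figures come from the message.

```c
#include <stddef.h>
#include <string.h>

#define SENSE_SRC_LEN 100  /* source size stated in the message */

/* Hypothetical stand-in for the header carrying the fields named above. */
struct sense_hdr {
    unsigned char mx_sb_len;  /* capacity of the caller's sense buffer */
    unsigned char sb_len_wr;  /* bytes of sense data actually written */
    unsigned char *sbp;       /* caller's sense buffer */
};

/* Flawed choice: the larger value can exceed the source or the destination. */
size_t sense_len_max(size_t mx_sb_len, size_t avail)
{
    return mx_sb_len > avail ? mx_sb_len : avail;
}

/* Corrected choice: never more than the destination holds or the source has. */
size_t sense_len_min(size_t mx_sb_len, size_t avail)
{
    return mx_sb_len < avail ? mx_sb_len : avail;
}

/* Copy sense data using the clamped length; returns the bytes copied. */
size_t copy_sense(struct sense_hdr *hdr, const unsigned char *src, size_t avail)
{
    size_t n = sense_len_min(hdr->mx_sb_len, avail);

    if (hdr->sbp == NULL || n == 0) {
        hdr->sb_len_wr = 0;
        return 0;
    }
    memcpy(hdr->sbp, src, n);
    hdr->sb_len_wr = (unsigned char)n;  /* n <= mx_sb_len, so it fits */
    return n;
}

/* Constructed scenario: 100 bytes of sense data, caller capacity varies. */
size_t demo_copy(unsigned char mx_sb_len)
{
    unsigned char src[SENSE_SRC_LEN];
    unsigned char dst[255];  /* large enough for any unsigned char capacity */
    struct sense_hdr hdr = { mx_sb_len, 0, dst };

    memset(src, 0x70, sizeof(src));
    return copy_sense(&hdr, src, sizeof(src));
}
```

With a declared capacity of 252 and 100 bytes available, the maximum yields 252 (a read 152 bytes past the source), while the minimum yields 100.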