Re: [PATCH] spl: ymodem: Fix buffer overflow during Image copy

On Mon, Jan 31, 2022 at 09:49:19AM +0530, Vignesh Raghavendra wrote: > ymodem_read_fit() driver will end copying up to BUF_SIZE boundary even > when requested size of copy operation is less than that. > For example, if offset = 0, size = 1440B, ymodem_read_fit() ends up > copying 2KB from offset

[PATCH] spl: ymodem: Fix buffer overflow during Image copy

ymodem_read_fit() driver will end copying up to BUF_SIZE boundary even when requested size of copy operation is less than that. For example, if offset = 0, size = 1440B, ymodem_read_fit() ends up copying 2KB from offset = 0, to destination buffer addr This causes data corruption when malloc'd