From 3621fe2a2143cc47a81954c3a80920bb8adb71a4 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz <sameo@linux.intel.com>
Date: Mon, 25 Nov 2013 00:24:00 +0100
Subject: [PATCH] nfctype1: Check for remaining space before memcpy'ing data

Code review done by Sebastian Krahmer <krahmer@suse.de>.
---
 plugins/nfctype1.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/plugins/nfctype1.c b/plugins/nfctype1.c
index e2cb93b..5e2d95a 100644
--- a/plugins/nfctype1.c
+++ b/plugins/nfctype1.c
@@ -159,6 +159,11 @@ static int data_recv(uint8_t *resp, int length, void *data)
 
 	/* Add data to tag mem */
 	tagdata = near_tag_get_data(t1_tag->tag, &data_length);
+
+	/* Check that we have enough free space */
+	if (data_length - t1_tag->data_read < (uint)length)
+		return -EINVAL;
+
 	memcpy(tagdata + t1_tag->data_read, resp + 1, length);
 
 	/* Next segment */
-- 
2.7.4