staging: xillybus: Add sanity check in interrupt handler

Data arriving from the hardware is verified prior to its use. The lack of
this check has never been reported to cause a problem, but it's necessary
nevertheless.

Signed-off-by: Eli Billauer <eli.billauer@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/xillybus/xillybus_core.c b/drivers/staging/xillybus/xillybus_core.c
index 5fca58e4e082dab787cd5d6b87905cbd05d79989..fa799795f714b4ddedca3e0d40f8be7473a5c8e0 100644 (file)
--- a/drivers/staging/xillybus/xillybus_core.c
+++ b/drivers/staging/xillybus/xillybus_core.c
@@ -267,6 +267,12 @@ irqreturn_t xillybus_isr(int irq, void *data)
 
                        break;
                case XILLYMSG_OPCODE_FIFOEOF:
+                       if ((msg_channel > ep->num_channels) ||
+                           (msg_channel == 0) || (!msg_dir) ||
+                           !ep->channels[msg_channel]->num_wr_buffers) {
+                               malformed_message(ep, &buf[i]);
+                               break;
+                       }
                        channel = ep->channels[msg_channel];
                        spin_lock(&channel->wr_spinlock);
                        channel->wr_eof = msg_bufno;