From 84918fd0752fd5d6360198e8f8c3efb02082dda8 Mon Sep 17 00:00:00 2001
From: Romain Tartiere
Date: Thu, 30 Jun 2011 13:35:40 +0000
Subject: [PATCH] Fix invalid memory access when a new driver is probing for hardware and the number of requested devices was already reached. The probing functions assume that at least one device should be found and passed to the caller, and only after finding such a device they will check that they should eventually stop looking for more devices. While we could make each probing function capable of handling the special-case of finding 0 devices, it is much more consistent to perform the check from the calling function.
---
 libnfc/nfc.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libnfc/nfc.c b/libnfc/nfc.c
index e38d388..a517375 100644
--- a/libnfc/nfc.c
+++ b/libnfc/nfc.c
@@ -154,6 +154,8 @@ nfc_list_devices (nfc_device_desc_t pnddDevices[], size_t szDevices, size_t * ps
 if (ndr->probe (pnddDevices + (*pszDeviceFound), szDevices - (*pszDeviceFound), &szN)) {
 *pszDeviceFound += szN;
 DBG ("%ld device(s) found using %s driver", (unsigned long) szN, ndr->name);
+ if (*pszDeviceFound == szDevices)
+ break;
 }
 pndr++;
 }
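Review bot: The added guard `if (*pszDeviceFound == szDevices)` stops only on exact equality, so it relies on every driver's probe never reporting more than the `szDevices - (*pszDeviceFound)` slots it was handed. If a probe over-reports, the equality is skipped, the `size_t` subtraction on the next iteration wraps to a very large count, and the next driver may write past the end of `pnddDevices`. Writing it as `if (*pszDeviceFound >= szDevices) break;` makes the loop fail closed. The guard also runs only after a successful probe, so a call with `szDevices == 0` would still reach the first probe with zero slots, the case the commit message says the probes cannot handle. The loop head is outside this hunk, so confirm whether that case is rejected there.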