From c7067d005723e613b7e1332d8d9fa7ca0f10e602 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Fri, 27 Apr 2018 12:36:53 +0200
Subject: [PATCH] CHG:  added extra out-of-bounds check when downloading data
 from device.

---
 client/cmdmain.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/client/cmdmain.c b/client/cmdmain.c
index c40d52729..cff5d745d 100644
--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@@ -236,6 +236,11 @@ void UsbCommandReceived(UsbCommand* _ch) {
 			uint32_t len = MIN(c->arg[1], sample_buf_size);
 			//uint32_t tracelen = c->arg[2];
 			
+			// extended bounds check.
+			if ( offset + len > sample_buf_size ) {
+				PrintAndLogEx(FAILED, "ERROR: Out of bounds when downloading from device,  offset %u | len %u | total len %u > sample_buf_size %u", offset, len,  offset+len,  sample_buf_size);
+				break;
+			}
 			//printf("SAMPLE_BUF_SIZE  %u |   adjusted len %u | offset %u\n", sample_buf_size, len, offset);
 			
 			memcpy( sample_buf + offset, c->d.asBytes, len);