From 4142431b36911b62ef62ceaeaecfae388c46245a Mon Sep 17 00:00:00 2001
From: Jef Driesen <jefdriesen@users.sourceforge.net>
Date: Sun, 15 Jun 2008 18:18:22 +0000
Subject: [PATCH] Always return an error code if the supplied memory buffer is
 too small.

---
 src/reefnet_sensuspro.c   | 20 +++++++++++++-------
 src/reefnet_sensusultra.c | 18 ++++++++++++------
 src/uwatec_memomouse.c    | 12 ++++++++----
 src/uwatec_smart.c        |  4 ++--
 4 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/src/reefnet_sensuspro.c b/src/reefnet_sensuspro.c
index 21114d1..60bf921 100644
--- a/src/reefnet_sensuspro.c
+++ b/src/reefnet_sensuspro.c
@@ -157,8 +157,10 @@ reefnet_sensuspro_handshake (sensuspro *device, unsigned char *data, unsigned in
 	serial_set_break (device->port, 0);
 
 	// Verify the checksum of the handshake packet.
-	unsigned short crc = handshake[10] + (handshake[11] << 8);
-	unsigned short ccrc = reefnet_sensuspro_checksum (handshake, sizeof (handshake) - 2);
+	unsigned short crc = 
+		 handshake[REEFNET_SENSUSPRO_HANDSHAKE_SIZE + 0] + 
+		(handshake[REEFNET_SENSUSPRO_HANDSHAKE_SIZE + 1] << 8);
+	unsigned short ccrc = reefnet_sensuspro_checksum (handshake, REEFNET_SENSUSPRO_HANDSHAKE_SIZE);
 	if (crc != ccrc) {
 		WARNING ("Unexpected answer CRC.");
 		return REEFNET_ERROR_PROTOCOL;
@@ -178,10 +180,12 @@ reefnet_sensuspro_handshake (sensuspro *device, unsigned char *data, unsigned in
 		handshake[6] + (handshake[7] << 8) + (handshake[8] << 16) + (handshake[9] << 24));
 #endif
 
-	if (size >= sizeof (handshake) - 2)
-		memcpy (data, handshake, sizeof (handshake) - 2);
-	else
+	if (size >= REEFNET_SENSUSPRO_HANDSHAKE_SIZE) {
+		memcpy (data, handshake, REEFNET_SENSUSPRO_HANDSHAKE_SIZE);
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return REEFNET_ERROR_MEMORY;
+	}
 
 	serial_sleep (10);
 
@@ -227,10 +231,12 @@ reefnet_sensuspro_read (sensuspro *device, unsigned char *data, unsigned int siz
 		return REEFNET_ERROR_PROTOCOL;
 	}
 
-	if (size >= REEFNET_SENSUSPRO_MEMORY_SIZE)
+	if (size >= REEFNET_SENSUSPRO_MEMORY_SIZE) {
 		memcpy (data, answer, REEFNET_SENSUSPRO_MEMORY_SIZE);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return REEFNET_ERROR_MEMORY;
+	}
 
 	return REEFNET_SUCCESS;
 }
diff --git a/src/reefnet_sensusultra.c b/src/reefnet_sensusultra.c
index e12b446..4c7408a 100644
--- a/src/reefnet_sensusultra.c
+++ b/src/reefnet_sensusultra.c
@@ -291,10 +291,12 @@ reefnet_sensusultra_handshake (sensusultra *device, unsigned char *data, unsigne
 		handshake[22] + (handshake[23] << 8));
 #endif
 
-	if (size >= REEFNET_SENSUSULTRA_HANDSHAKE_SIZE)
+	if (size >= REEFNET_SENSUSULTRA_HANDSHAKE_SIZE) {
 		memcpy (data, handshake, REEFNET_SENSUSULTRA_HANDSHAKE_SIZE);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return REEFNET_ERROR_MEMORY;
+	}
 
 	return REEFNET_SUCCESS;
 }
@@ -332,10 +334,12 @@ reefnet_sensusultra_page (sensusultra *device, unsigned char *data, unsigned int
 		return REEFNET_ERROR_PROTOCOL;
 	}
 
-	if (size >= REEFNET_SENSUSULTRA_PACKET_SIZE)
+	if (size >= REEFNET_SENSUSULTRA_PACKET_SIZE) {
 		memcpy (data, package + 2, REEFNET_SENSUSULTRA_PACKET_SIZE);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return REEFNET_ERROR_MEMORY;
+	}
 
 	return REEFNET_SUCCESS;
 }
@@ -520,10 +524,12 @@ reefnet_sensusultra_sense (sensusultra *device, unsigned char *data, unsigned in
 	if (rc != REEFNET_SUCCESS)
 		return rc;
 
-	if (size >= REEFNET_SENSUSULTRA_SENSE_SIZE)
+	if (size >= REEFNET_SENSUSULTRA_SENSE_SIZE) {
 		memcpy (data, package, REEFNET_SENSUSULTRA_SENSE_SIZE);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return REEFNET_ERROR_MEMORY;
+	}
 
 	return REEFNET_SUCCESS;
 }
diff --git a/src/uwatec_memomouse.c b/src/uwatec_memomouse.c
index 293b5c1..e0b07a4 100644
--- a/src/uwatec_memomouse.c
+++ b/src/uwatec_memomouse.c
@@ -233,10 +233,12 @@ uwatec_memomouse_read_packet_outer (memomouse *device, unsigned char data[], uns
 	message ("\"\n");
 #endif
 
-	if (size >= rc)
+	if (size >= rc) {
 		memcpy (data, package + 1, rc);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return UWATEC_ERROR_MEMORY;
+	}
 
 	return rc;
 }
@@ -305,10 +307,12 @@ uwatec_memomouse_read_packet_inner (memomouse *device, unsigned char data[], uns
 	}
 
 	// Copy the package to the output buffer.
-	if (total - 3 <= size)
+	if (total - 3 <= size) {
 		memcpy (data, buffer + 1, total - 3);
-	else
+	} else {
 		WARNING ("Insufficient buffer space available.");
+		return UWATEC_ERROR_MEMORY;
+	}
 
 	free (buffer);
 
diff --git a/src/uwatec_smart.c b/src/uwatec_smart.c
index 1786305..d4e60d0 100644
--- a/src/uwatec_smart.c
+++ b/src/uwatec_smart.c
@@ -321,8 +321,8 @@ uwatec_smart_read (smart *device, unsigned char data[], unsigned int size)
 	if (length <= size) {
 		memcpy (data, package, length);
 	} else {
-		message ("Insufficient buffer space available.\n");
-		memcpy (data, package, size);
+		WARNING ("Insufficient buffer space available.");
+		return UWATEC_ERROR_MEMORY;
 	}
 
 	free (package);