From a7678118be2f83b048070fabf8d76a5f148dc00c Mon Sep 17 00:00:00 2001
From: leslie <unknown>
Date: Tue, 15 Sep 2009 16:48:34 +0800
Subject: [PATCH] cardclient-gbox: fix ECM buffer handling

---
 systems/cardclient/gbox.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/systems/cardclient/gbox.c b/systems/cardclient/gbox.c
index 3b16119..07ffff9 100644
--- a/systems/cardclient/gbox.c
+++ b/systems/cardclient/gbox.c
@@ -101,7 +101,11 @@ bool cCardClientGbox::ProcessECM(const cEcmInfo *ecm, const unsigned char *data,
     0xf0,0x00,		// prg info len
     0x02, 0xff,0xec, 0xf0,0x00
     };
-  unsigned char *buff=AUTOMEM(sizeof(pmt)+8+n);
+  unsigned char buff[512];
+  if(sizeof(pmt)+n+8>sizeof(buff)) {
+    PRINTF(L_CC_GBOX,"CA descriptor buffer overflow %d",sizeof(pmt)+n+8);
+    return false;
+    }
   memcpy(buff,pmt,sizeof(pmt));
   buff[4]=ecm->prgId >> 8;
   buff[5]=ecm->prgId & 0xFF;
-- 
2.39.5