cdrom_id: do not attempt to read past end of buffer

CID #1238437

diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c
index c93a7bf8d13180d3de4d67733d67faa663e67682..7a4b98726cb03b1c666ae675e0ee141eebb80693 100644 (file)
--- a/src/udev/cdrom_id/cdrom_id.c
+++ b/src/udev/cdrom_id/cdrom_id.c
@@ -606,7 +606,7 @@ static int cd_profiles(struct udev *udev, int fd)
                 switch (feature) {
                 case 0x00:
                         log_debug("GET CONFIGURATION: feature 'profiles', with %i entries", features[i+3] / 4);
-                        feature_profiles(udev, &features[i]+4, features[i+3]);
+                        feature_profiles(udev, &features[i]+4, MIN(features[i+3], len - i - 4));
                         break;
                 default:
                         log_debug("GET CONFIGURATION: feature 0x%04x <ignored>, with 0x%02x bytes", feature, features[i+3]);