From d6df0040c3e9145d2eeef2a33aa18d3006ce670b Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 28 Jun 2018 19:47:39 +0100
Subject: [PATCH] dfu: Fix a potential buffer overflow when applying a patch

---
 plugins/dfu/dfu-patch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dfu/dfu-patch.c b/plugins/dfu/dfu-patch.c
index 92985a114..28db852f1 100644
--- a/plugins/dfu/dfu-patch.c
+++ b/plugins/dfu/dfu-patch.c
@@ -507,7 +507,7 @@ dfu_patch_apply (DfuPatch *self, GBytes *blob, DfuPatchApplyFlags flags, GError
 	}
 
 	data_new = g_malloc0 (sz_max);
-	memcpy (data_new, data_old, sz_max);
+	memcpy (data_new, data_old, MIN (sz, sz_max));
 	for (guint i = 0; i < priv->chunks->len; i++) {
 		DfuPatchChunk *chunk = g_ptr_array_index (priv->chunks, i);
 		const guint8 *chunk_data;