logitech-hidpp: Fix possible unsafe memcpy()

PVS: A call of the 'memcpy' function will lead to underflow of the buffer.

plugins/logitech-hidpp/fu-logitech-hidpp-bootloader-texas.c

@@ -6,8 +6,6 @@
 
 #include "config.h"
 
-#include <string.h>
-
 #include "fu-logitech-hidpp-bootloader-texas.h"
 #include "fu-logitech-hidpp-common.h"
 
@@ -185,7 +183,15 @@ fu_logitech_hidpp_bootloader_texas_write_firmware(FuDevice *device,
 			req->addr = payload->addr % 0x80;
 
 		req->len = payload->len;
-		memcpy(req->data, payload->data, payload->len);
+		if (!fu_memcpy_safe(req->data,
+				    req->len,
+				    0x0, /* dst */
+				    payload->data,
+				    payload->len,
+				    0x0, /* src */
+				    payload->len,
+				    error))
+			return FALSE;
 		if (!fu_logitech_hidpp_bootloader_request(self, req, error)) {
 			g_prefix_error(error, "failed to write ram buffer @0x%02x: ", req->addr);
 			return FALSE;

plugins/logitech-hidpp/fu-logitech-hidpp-device.c

@@ -6,8 +6,6 @@
 
 #include "config.h"
 
-#include <string.h>
-
 #include "fu-logitech-hidpp-common.h"
 #include "fu-logitech-hidpp-device.h"
 #include "fu-logitech-hidpp-hidpp.h"
@@ -1102,7 +1100,15 @@ fu_logitech_hidpp_device_write_firmware_pkt(FuLogitechHidPpDevice *self,
 	/* enable transfer workaround for devices paired to Bolt receiver */
 	if (priv->device_idx != HIDPP_DEVICE_IDX_UNSET && priv->device_idx != HIDPP_DEVICE_IDX_BLE)
 		msg->flags = FU_UNIFYING_HIDPP_MSG_FLAG_RETRY_STUCK;
-	memcpy(msg->data, data, 16);
+	if (!fu_memcpy_safe(msg->data,
+			    sizeof(msg->data),
+			    0x0, /* dst */
+			    data,
+			    16,
+			    0x0, /* src */
+			    16,
+			    error))
+		return FALSE;
 	if (!fu_logitech_hidpp_transfer(priv->io_channel, msg, error)) {
 		g_prefix_error(error, "failed to supply program data: ");
 		return FALSE;