From 910769efd42da388d3b800d2514044ad468ae062 Mon Sep 17 00:00:00 2001
From: Robert Quattlebaum
Date: Wed, 15 Jun 2016 18:19:56 -0700
Subject: [PATCH] ncp-spinel: Fix a buffer-overflow bug in the inbound data pump.
---
 src/ncp-spinel/SpinelNCPInstance-DataPump.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/ncp-spinel/SpinelNCPInstance-DataPump.cpp b/src/ncp-spinel/SpinelNCPInstance-DataPump.cpp
index 81c22a0d..8fa6a1ce 100644
--- a/src/ncp-spinel/SpinelNCPInstance-DataPump.cpp
+++ b/src/ncp-spinel/SpinelNCPInstance-DataPump.cpp
@@ -232,6 +232,8 @@ SpinelNCPInstance::ncp_to_driver_pump()
 mInboundFrameHDLCCRC = hdlc_crc16(mInboundFrameHDLCCRC, mInboundFrame[mInboundFrameSize-2]);
 }
+ require(mInboundFrameSize >= sizeof(mInboundFrame), on_error);
+ mInboundFrame[mInboundFrameSize++] = byte;
 } while(true);
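Review bot: The added guard `require(mInboundFrameSize >= sizeof(mInboundFrame), on_error);` looks inverted. If `require` follows the usual AssertMacros convention of jumping to the label when the condition is false (the macro definition is not visible in this hunk), every in-bounds byte is sent to `on_error` and only a full buffer passes through to the write `mInboundFrame[mInboundFrameSize++] = byte;`, which is the out-of-bounds case the commit sets out to stop. The condition should read `require(mInboundFrameSize < sizeof(mInboundFrame), on_error);`. The body of `ncp_to_driver_pump()` and the `on_error` label lie outside the hunk, so it is worth confirming there that an oversized frame is dropped and the frame state reset rather than left half-parsed.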