Fixed sdps crash for some size flash.bin

memcpy size can't exceed input memory buffer size.
It is fix for 3f512a6

Signed-off-by: Frank Li <frank.li@nxp.com>

Author: nxpfrankli

libuuu/hidreport.cpp

@@ -78,6 +78,10 @@ int HIDReport::write(const void *p, size_t sz, uint8_t report_id)
 		m_out_buff[0] = report_id;
 
 		size_t s = sz - off;
+		size_t copy_sz = s;
+
+		if (copy_sz > m_size_out)
+			copy_sz = m_size_out;
 
 		/*
 		 * The Windows HIDAPI is ver strict. It always require to send
@@ -88,7 +92,8 @@ int HIDReport::write(const void *p, size_t sz, uint8_t report_id)
 		if (s > m_size_out || report_id == 2)
 			s = m_size_out;
 
-		memcpy(m_out_buff.data() + m_size_payload, buff + off, s);
+		/* copy_sz can't be bigger then input data size, otherwise access unpaged memory */
+		memcpy(m_out_buff.data() + m_size_payload, buff + off, copy_sz);
 
 		int ret = m_pdev->write(m_out_buff.data(), s + m_size_payload);