From ad00133ca307099e7898c09a92d439f810a60bb4 Mon Sep 17 00:00:00 2001
From: Marius Greuel <greuelm@mgtek.com>
Date: Sat, 14 Apr 2018 15:05:26 +0200
Subject: [PATCH] Fix bug #54159, Buffer overflow in usbtiny.c

---
 usbtiny.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usbtiny.c b/usbtiny.c
index 4d6da196..0994bd36 100644
--- a/usbtiny.c
+++ b/usbtiny.c
@@ -641,6 +641,8 @@ static int usbtiny_paged_load (PROGRAMMER * pgm, AVRPART * p, AVRMEM* m,
 
   for (; addr < maxaddr; addr += chunk) {
     chunk = PDATA(pgm)->chunk_size;         // start with the maximum chunk size possible
+    if (chunk > maxaddr - addr)
+      chunk = maxaddr - addr;
 
     // Send the chunk of data to the USBtiny with the function we want
     // to perform
@@ -696,6 +698,8 @@ static int usbtiny_paged_write(PROGRAMMER * pgm, AVRPART * p, AVRMEM * m,
   for (; addr < maxaddr; addr += chunk) {
     // start with the max chunk size
     chunk = PDATA(pgm)->chunk_size;
+    if (chunk > maxaddr - addr)
+      chunk = maxaddr - addr;
 
     // we can only write a page at a time anyways
     if (m->paged && chunk > page_size)