From e6806e58c250788935ce68c11124811ed8804033 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 1 Mar 2020 15:56:07 +0100 Subject: [PATCH] cardem: Fix infinite loop + watchdog reset on long OUT message In dispatch_received_usb_msg(), we ran into an infinite loop if a too long messages was received on the OUT EP. Let's break the loop. Change-Id: I5325ed15d3dd79a42f8dac34d618e86b9334c301 Closes: OS#4429
---
 firmware/libcommon/source/mode_cardemu.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/firmware/libcommon/source/mode_cardemu.c b/firmware/libcommon/source/mode_cardemu.c
index c5c173fe..5b17f863 100644
--- a/firmware/libcommon/source/mode_cardemu.c
+++ b/firmware/libcommon/source/mode_cardemu.c
@@ -682,6 +682,7 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 TRACE_ERROR("%u: Unexpected large message (%u bytes)\n", ci->num, mh->msg_len);
 usb_buf_free(segm);
+ break;
 } else {
 uint8_t *cur = msgb_put(segm, mh->msg_len);
 segm->l1h = segm->head;
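Review bot: The added `break;` covers only an over-long `mh->msg_len`; nothing visible in this hunk puts a lower bound on that host-supplied length. The loop starts outside the hunk, so this is inferred: if it advances by `mh->msg_len`, a zero or shorter-than-header value could stall it the same way and trigger the watchdog reset again. Consider rejecting that case next to the existing check, for example `if (mh->msg_len < sizeof(*mh)) break;` after logging, assuming `msg_len` counts the header. Also confirm that `msg` is still released on the path after the loop, since the hunk frees only `segm`. Breaking drops any further messages concatenated in the same OUT transfer, so a comment above the `break;` such as `/* length field is not trustworthy, cannot locate the next header: drop the rest of this transfer */` would record that this is intended.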