From 3501fda48d5cf3f18d3de498618ad718a9785709 Mon Sep 17 00:00:00 2001
From: Michael Davidsaver
Date: Thu, 19 Feb 2015 19:18:16 -0500
Subject: [PATCH] dbCa: dbCaPutLinkCallback prevent out of bounds write

The internal buffer of the caLink is sized based on the number of elements of the destination PV.
---
 src/db/dbCa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/db/dbCa.c b/src/db/dbCa.c
index 22870ba30..b35b5d80d 100644
--- a/src/db/dbCa.c
+++ b/src/db/dbCa.c
@@ -381,6 +381,8 @@ long dbCaPutLinkCallback(struct link *plink,short dbrType,
 dbAddr.pfield = pca->pputNative;
 /*Following only used for DBF_STRING*/
 dbAddr.field_size = MAX_STRING_SIZE;
+ if(nRequest>pca->nelements)
+ nRequest = pca->nelements;
 status = aConvert(&dbAddr, pbuffer, nRequest, pca->nelements, 0);
 }
 link_action |= CA_WRITE_NATIVE;
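Review bot: The clamp added just before the `aConvert` call truncates an oversized request silently: when `nRequest` exceeds `pca->nelements` the excess elements are dropped and the caller gets the same status as for a complete write. That closes the out-of-bounds write into `pca->pputNative`, but a caller passing more elements than the destination holds is probably a configuration or logic error, so consider logging it or returning a non-zero status, and at minimum add a comment such as `/* pputNative holds only pca->nelements elements; drop the excess */`. The check bounds only the upper side; whether a zero or negative `nRequest` is rejected earlier cannot be seen here, because dbCaPutLinkCallback starts and ends outside the hunk. Bracing the new `if` would also keep a later edit from detaching the assignment from its condition.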