Comment 3 for bug 494549

Alexander Sack (asac) wrote :

Packaging:
looks good.

QA:
Please subscribe desktop team to bug reports if not needed

Upstream code:
Source code wise I checked how the input data from the device is processed and found a nit:

in device_data_input the buffer bounds are not properly/explicitly checked in daemon.c, like

in connection_device_input:
                memcpy(conn->ib_buf + conn->ib_size, payload, payload_length);
should only happen if payload_length < CONN_INBUF_SIZE - conn->ib_size

in device_data_input:
                memcpy(dev->pktbuf + dev->pktlen, buffer, length);
should only happen if length < DEV_PKTBUF_SIZE - dev->pktlen

                memcpy(dev->pktbuf, buffer, length);
should only happen if length < DEV_PKTBUF_SIZE

in client.c:
                memcpy(client->ob_buf + client->ob_size + sizeof(hdr), payload, payload_length);

has the same issue ... though that doesn't process stuff coming from the device - so isn't that critical imo.
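
The explicit bounds check requested for the append in device_data_input, as an added example that is not part of the original comment or the project's code. The struct `dev_sketch`, the functions `pktbuf_append` and `demo`, and the value of `DEV_PKTBUF_SIZE` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEV_PKTBUF_SIZE 64u      /* assumed size for this sketch */

struct dev_sketch {              /* hypothetical stand-in for the device struct */
    unsigned char pktbuf[DEV_PKTBUF_SIZE];
    uint32_t pktlen;             /* bytes already buffered */
};

/* Append device-supplied bytes; returns 0 on success, -1 if rejected. */
int pktbuf_append(struct dev_sketch *dev, const unsigned char *buffer, uint32_t length)
{
    /* Guard the subtraction first: if pktlen were ever past the end,
     * DEV_PKTBUF_SIZE - pktlen would wrap to a huge unsigned value. */
    if (dev->pktlen > DEV_PKTBUF_SIZE)
        return -1;
    /* Condition from the comment: length < DEV_PKTBUF_SIZE - pktlen.
     * Written as a subtraction so pktlen + length cannot overflow. */
    if (length >= DEV_PKTBUF_SIZE - dev->pktlen)
        return -1;
    memcpy(dev->pktbuf + dev->pktlen, buffer, length);
    dev->pktlen += length;
    return 0;
}

/* Runs constructed inputs; returns the number of rejected appends. */
int demo(void)
{
    struct dev_sketch dev = { .pktlen = 0 };
    unsigned char chunk[48];
    int rejected = 0;
    memset(chunk, 'A', sizeof chunk);
    rejected += pktbuf_append(&dev, chunk, 48) != 0;          /* fits: 48 < 64 */
    rejected += pktbuf_append(&dev, chunk, 48) != 0;          /* 48 >= 16: rejected */
    rejected += pktbuf_append(&dev, chunk, 0xFFFFFFF0u) != 0; /* huge length: rejected */
    rejected += pktbuf_append(&dev, chunk, 15) != 0;          /* fits: 15 < 16 */
    return rejected;
}

int main(void)
{
    printf("rejected=%d\n", demo());
    return 0;
}
```

The same pattern applies to the connection_device_input copy with CONN_INBUF_SIZE and conn->ib_size.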