From 771f8855b768654a5800fa987f9c16550930c151 Mon Sep 17 00:00:00 2001
From: Peter Barker
Date: Mon, 14 Aug 2023 11:48:01 +1000
Subject: [PATCH] AP_Logger: correct use of nullptr in SITL structure sanity checks

A developer might be able to craft a fault such that s could be nullptr here. They would need to work at it, but we can do better.
---
 libraries/AP_Logger/AP_Logger_Backend.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libraries/AP_Logger/AP_Logger_Backend.cpp b/libraries/AP_Logger/AP_Logger_Backend.cpp
index 313747a20c..18029145da 100644
--- a/libraries/AP_Logger/AP_Logger_Backend.cpp
+++ b/libraries/AP_Logger/AP_Logger_Backend.cpp
@@ -381,6 +381,7 @@ void AP_Logger_Backend::validate_WritePrioritisedBlock(const void *pBuffer,
 }
 const uint8_t type = ((uint8_t*)pBuffer)[2];
 uint8_t type_len;
+ const char *name_src;
 const struct LogStructure *s = _front.structure_for_msg_type(type);
 if (s == nullptr) {
 const struct AP_Logger::log_write_fmt *t = _front.log_write_fmt_for_msg_type(type);
@@ -388,13 +389,15 @@ void AP_Logger_Backend::validate_WritePrioritisedBlock(const void *pBuffer,
 AP_HAL::panic("No structure for msg_type=%u", type);
 }
 type_len = t->msg_len;
+ name_src = t->name;
 } else {
 type_len = s->msg_len;
+ name_src = s->name;
 }
 if (type_len != size) {
 char name[5] = {}; // get a null-terminated string
- if (s->name != nullptr) {
- memcpy(name, s->name, 4);
+ if (name_src != nullptr) {
+ memcpy(name, name_src, 4);
 } else {
 strncpy(name, "?NM?", ARRAY_SIZE(name));
 }
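Review bot: The `memcpy(name, name_src, 4)` in the second hunk still reads four bytes no matter how long the string behind `name_src` is, so a message name shorter than three characters would be read past its terminator. Because `name` is five bytes and zero-initialised, `strncpy(name, name_src, 4);` gives the same result for full-length names and stops at the NUL for short ones. The declaration added in the first hunk could also be `const char *name_src = nullptr;`, so that a later edit which adds a path without an assignment falls into the `"?NM?"` branch instead of reading an indeterminate pointer. This assumes `name` in both structures is a `const char *` to a NUL-terminated string, which the nullptr check suggests but the hunks do not show. The function body starts and ends outside the hunks.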