Mirror
/
ardupilot
mirror of https://github.com/ArduPilot/ardupilot
5
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AP_RCProtocol: fixed buffer overflow in st24 parser 

found using random data injection in SITL
This commit is contained in:
Andrew Tridgell 2020-04-20 07:30:32 +10:00
parent 59c02816b8
commit 7e835d1037
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp
View File

@ -107,7 +107,7 @@ void AP_RCProtocol_ST24::_process_byte(uint8_t byte)
case ST24_DECODE_STATE_GOT_STX2:
/* ensure no data overflow failure or hack is possible */
if ((unsigned)byte <= sizeof(_rxpacket.length) + sizeof(_rxpacket.type) + sizeof(_rxpacket.st24_data)) {
if (byte > 8 && (unsigned)byte <= sizeof(_rxpacket.length) + sizeof(_rxpacket.type) + sizeof(_rxpacket.st24_data)) {
_rxpacket.length = byte;
_rxlen = 0;
_decode_state = ST24_DECODE_STATE_GOT_LEN;