From 973befa5d82920b56c2abcf6b4d791763e42f4ea Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Sun, 3 Apr 2022 08:11:08 +1000
Subject: [PATCH] GCS_MAVLink: prevent devop larger than buffer

---
 libraries/GCS_MAVLink/GCS_DeviceOp.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libraries/GCS_MAVLink/GCS_DeviceOp.cpp b/libraries/GCS_MAVLink/GCS_DeviceOp.cpp
index 2d93f68798..b7418ad78c 100644
--- a/libraries/GCS_MAVLink/GCS_DeviceOp.cpp
+++ b/libraries/GCS_MAVLink/GCS_DeviceOp.cpp
@@ -48,6 +48,10 @@ void GCS_MAVLINK::handle_device_op_read(const mavlink_message_t &msg)
         retcode = 2;
         goto fail;
     }
+    if (packet.count > sizeof(data)) {
+        retcode = 5;
+        goto fail;
+    }
     if (!dev->get_semaphore()->take(10)) {
         retcode = 3;
         goto fail;