fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-04-14 10:07:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix septentrio: check for buffer underflow

Browse Source 
_message.header.length - 4 is passed as unsigned to the CRC method, so if
_message.header.length < 4, the length wraps and causes invalid memory
access.
This commit is contained in:
Beat Küng 2025-06-13 14:15:38 +02:00 committed by Alexander Lerach
parent 6f81998e27
commit 310cbbedb1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/drivers/gnss/septentrio/sbf/decoder.cpp
View File

@ -262,7 +262,7 @@ bool Decoder::done() const
bool Decoder::can_parse() const
{
return done() && _message.header.length <= sizeof(_message)
return done() && _message.header.length <= sizeof(_message) && _message.header.length > 4
&& _message.header.crc == buffer_crc16(reinterpret_cast<const uint8_t *>(&_message) + 4, _message.header.length - 4);
}