fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-04-14 10:07:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix lightware_laser_serial: prevent potential heap buffer overflow (#22202)

Browse Source 
In the lightware_parser function, LW_PARSE_STATE2_GOT_DIGIT0 state can be repeated unexpectedly without proper parserbuf_index or state checking. This behavior will trigger a heap buffer overflow vulnerability by allowing to write some data. And the writable size is sizeof(unsigned).
This commit is contained in:
ZeroOne 2023-10-11 14:01:09 +09:00 committed by GitHub
parent 5352a64042
commit 6dfede0806
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/drivers/distance_sensor/lightware_laser_serial/lightware_laser_serial.cpp
View File

@ -219,6 +219,11 @@ int LightwareLaserSerial::collect()
} else {
for (int i = 0; i < ret; i++) {
// Check for overflow
if (_linebuf_index >= sizeof(_linebuf)) {
_parse_state = LW_PARSE_STATE0_UNSYNC;
}
if (OK == lightware_parser(readbuf[i], _linebuf, &_linebuf_index, &_parse_state, &distance_m)) {
valid = true;
}