From ac74a02d7c1cc5bbd1c20fa56d1f6a5139dc2f09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beat=20K=C3=BCng?= <beat-kueng@gmx.net>
Date: Wed, 11 Jun 2025 14:35:59 +0200
Subject: [PATCH] fix septentrio: ensure the crc check does not read past the
 buffer size

in case the input data is invalid.
---
 src/drivers/gnss/septentrio/sbf/decoder.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/drivers/gnss/septentrio/sbf/decoder.cpp b/src/drivers/gnss/septentrio/sbf/decoder.cpp
index 318a5c4db9..33f180a159 100644
--- a/src/drivers/gnss/septentrio/sbf/decoder.cpp
+++ b/src/drivers/gnss/septentrio/sbf/decoder.cpp
@@ -243,7 +243,7 @@ bool Decoder::done() const
 
 bool Decoder::can_parse() const
 {
-	return done()
+	return done() && _message.header.length <= sizeof(_message)
 	       && _message.header.crc == buffer_crc16(reinterpret_cast<const uint8_t *>(&_message) + 4, _message.header.length - 4);
 }