From e03e0261a1a0c82f545e66a1e3795956c886db71 Mon Sep 17 00:00:00 2001 From: zhangteng0526 <49060609+zhangteng0526@users.noreply.github.com> Date: Wed, 3 Jul 2024 10:58:40 +0800 Subject: [PATCH] Fix buffer overflow in mavlink_receive.cpp --- src/modules/mavlink/mavlink_receiver.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/mavlink/mavlink_receiver.cpp b/src/modules/mavlink/mavlink_receiver.cpp index 35e2879c6d..f8e12d51cc 100644 --- a/src/modules/mavlink/mavlink_receiver.cpp +++ b/src/modules/mavlink/mavlink_receiver.cpp @@ -1818,7 +1818,7 @@ MavlinkReceiver::handle_message_serial_control(mavlink_message_t *msg) if (shell) { // we ignore the timeout, EXCLUSIVE & BLOCKING flags of the SERIAL_CONTROL message - if (serial_control_mavlink.count > 0) { + if (serial_control_mavlink.count > 0 && serial_control_mavlink.count <= sizeof(serial_control_mavlink.data)) { shell->setTargetID(msg->sysid, msg->compid); shell->write(serial_control_mavlink.data, serial_control_mavlink.count); }