g4klx/DMRGateway
1
0
Fork 0
mirror of https://github.com/g4klx/DMRGateway.git synced 2026-04-06 06:53:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix upper bound in length check: 50 → 46 to match buffer geometry

Browse source 
The memcpy writes (length - 4) bytes at offset 8 into a 50-byte buffer,
so the maximum safe length is 46 (8 + 42 = 50), not 50. With length=50
the previous check still allowed a 4-byte stack overflow.
This commit is contained in:
Ember 2026-04-04 17:02:53 -07:00
parent 6dd98bd856
commit 891a2a87b7
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
DMRNetwork.cpp
View file

@ -252,7 +252,7 @@ bool CDMRNetwork::writeRadioPosition(const unsigned char* data, unsigned int len
if (!m_location)
return false;
if (length < 4U || length > 50U)
if (length < 4U || length > 46U)
return false;
unsigned char buffer[50U];
@ -271,7 +271,7 @@ bool CDMRNetwork::writeTalkerAlias(const unsigned char* data, unsigned int lengt
if (m_status != STATUS::RUNNING)
return false;
if (length < 4U || length > 50U)
if (length < 4U || length > 46U)
return false;
unsigned char buffer[50U];