mirror of
https://github.com/meshcore-dev/meshcore_py.git
synced 2026-04-20 22:13:49 +00:00
865c1b21b4
The ADVERT branch in MeshcorePacketParser.parsePacketPayload reads the flags byte with `pk_buf.read(1)[0]`, which IndexErrors on a short advert payload (the minimum advert is 32 + 4 + 64 + 1 = 101 bytes before any optional fields). Pre-F06, the IndexError would escape as a swallowed task exception. With F06's umbrella now in place it would log and skip the dispatch, but the proposal §4.1 NEW-B asks for a narrower local guard so a malformed advert doesn't poison the rest of the parse path. The optional `lat/lon/feat1/feat2` reads after the flags byte also silently produce zeros on short reads (`int.from_bytes(b"", ...)` returns 0), which would propagate bogus zero coordinates upstream. Wrapping the whole branch limits the blast radius to a single malformed advert. Wrap the entire body of the ADVERT elif (from `pk_buf = io.BytesIO(...)` through the final `log_data["adv_feat2"]` assignment) in `try/except (IndexError, ValueError)` and log a debug message with the exception type, message, and `pkt_payload` length on failure. This matches the defensive pattern the proposal specifies. Finding: NEW-B (S3) File: src/meshcore/meshcore_parser.py |
||
|---|---|---|
| .. | ||
| commands | ||
| __init__.py | ||
| ble_cx.py | ||
| connection_manager.py | ||
| events.py | ||
| lpp_json_encoder.py | ||
| meshcore.py | ||
| meshcore_parser.py | ||
| packets.py | ||
| parsing.py | ||
| reader.py | ||
| serial_cx.py | ||
| tcp_cx.py | ||