From f9036398e899e142b4e843c9c6faf2199655012c Mon Sep 17 00:00:00 2001
From: Willem Melching <willem.melching@gmail.com>
Date: Mon, 1 Jun 2020 16:41:04 -0700
Subject: [PATCH] ui.cc: read_db_value is not null terminated

old-commit-hash: 884b327374890358424c90d1fc20b459f599987e
---
 selfdrive/ui/ui.cc | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/selfdrive/ui/ui.cc b/selfdrive/ui/ui.cc
index 31f6c1717..cd76ebe7c 100644
--- a/selfdrive/ui/ui.cc
+++ b/selfdrive/ui/ui.cc
@@ -4,6 +4,7 @@
 #include <unistd.h>
 #include <assert.h>
 #include <sys/mman.h>
+#include <string>
 #include <sstream>
 #include <sys/resource.h>
 #include <czmq.h>
@@ -138,12 +139,24 @@ static void set_do_exit(int sig) {
 
 template <class T>
 static int read_param(T* param, const char *param_name, bool persistent_param = false){
-  char *s;
-  int result = read_db_value(param_name, &s, NULL, persistent_param);
+  T param_orig = *param;
+  char *value;
+  size_t sz;
+
+  int result = read_db_value(param_name, &value, &sz, persistent_param);
   if (result == 0){
+    std::string s = std::string(value, sz); // value is not null terminated
+    free(value);
+
+    // Parse result
     std::istringstream iss(s);
     iss >> *param;
-    free(s);
+
+    // Restore original value if parsing failed
+    if (iss.fail()) {
+      *param = param_orig;
+      result = -1;
+    }
   }
   return result;
 }