From f17bca00ba6919bae309f0c68bad11b0f6b18607 Mon Sep 17 00:00:00 2001
From: Willem Melching <willem.melching@gmail.com>
Date: Tue, 31 Jan 2023 17:17:21 +0100
Subject: [PATCH] panda.cc: fix possible heap overflow on wrong checksum
 (#27151)

* panda.cc: fix possible heap overflow on wrong checksum

* off by one
---
 selfdrive/boardd/panda.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/selfdrive/boardd/panda.cc b/selfdrive/boardd/panda.cc
index 4bba070eee..647a0d9c78 100644
--- a/selfdrive/boardd/panda.cc
+++ b/selfdrive/boardd/panda.cc
@@ -236,6 +236,9 @@ void Panda::can_send(capnp::List<cereal::CanData>::Reader can_data_list) {
 }
 
 bool Panda::can_receive(std::vector<can_frame>& out_vec) {
+  // Check if enough space left in buffer to store RECV_SIZE data
+  assert(receive_buffer_size + RECV_SIZE <= sizeof(receive_buffer));
+
   int recv = handle->bulk_read(0x81, &receive_buffer[receive_buffer_size], RECV_SIZE);
   if (!comms_healthy()) {
     return false;
@@ -278,6 +281,7 @@ bool Panda::unpack_can_buffer(uint8_t *data, uint32_t &size, std::vector<can_fra
 
     if (calculate_checksum(&data[pos], sizeof(can_header) + data_len) != 0) {
       LOGE("Panda CAN checksum failed");
+      size = 0;
       return false;
     }