sadmen
/
openpilot_comma
mirror of https://github.com/commaai/openpilot.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

panda.cc: fix possible heap overflow on wrong checksum (#27151)

Browse Source 
* panda.cc: fix possible heap overflow on wrong checksum

* off by one
pull/26108/head^2
Willem Melching 2 years ago committed by GitHub
parent 09cd0b4900
commit f17bca00ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      selfdrive/boardd/panda.cc

4
selfdrive/boardd/panda.cc
Unescape View File

@ -236,6 +236,9 @@ void Panda::can_send(capnp::List<cereal::CanData>::Reader can_data_list) {
} }
bool Panda::can_receive(std::vector<can_frame>& out_vec) { bool Panda::can_receive(std::vector<can_frame>& out_vec) {
// Check if enough space left in buffer to store RECV_SIZE data
assert(receive_buffer_size + RECV_SIZE <= sizeof(receive_buffer));
int recv = handle->bulk_read(0x81, &receive_buffer[receive_buffer_size], RECV_SIZE); int recv = handle->bulk_read(0x81, &receive_buffer[receive_buffer_size], RECV_SIZE);
if (!comms_healthy()) { if (!comms_healthy()) {
return false; return false;
@ -278,6 +281,7 @@ bool Panda::unpack_can_buffer(uint8_t *data, uint32_t &size, std::vector<can_fra
if (calculate_checksum(&data[pos], sizeof(can_header) + data_len) != 0) { if (calculate_checksum(&data[pos], sizeof(can_header) + data_len) != 0) {
LOGE("Panda CAN checksum failed"); LOGE("Panda CAN checksum failed");
size = 0;
return false; return false;
} }

Write Preview
Loading…
Cancel
Save