zhaohuwei
/
QG4
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

fix MavlinkConsoleController: avoid buffer out-of-bound access (#10062) 

mavlink_msg_serial_control_pack_chan expects
MAVLINK_MSG_SERIAL_CONTROL_FIELD_DATA_LEN bytes for 'data', but 'chuck'
might be smaller than that.
QGC4.4
Beat Küng 4 years ago committed by GitHub
parent
3c9d5b88cb
commit
b6bc30fef7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      src/AnalyzeView/MavlinkConsoleController.cc

2
src/AnalyzeView/MavlinkConsoleController.cc
Unescape View File

@ -143,6 +143,8 @@ MavlinkConsoleController::_sendSerialData(QByteArray data, bool close) @@ -143,6 +143,8 @@ MavlinkConsoleController::_sendSerialData(QByteArray data, bool close)
// Send maximum sized chunks until the complete buffer is transmitted
while(data.size()) {
QByteArray chunk{data.left(MAVLINK_MSG_SERIAL_CONTROL_FIELD_DATA_LEN)};
// Ensure the buffer is large enough, as the MAVLink parser expects MAVLINK_MSG_SERIAL_CONTROL_FIELD_DATA_LEN bytes
chunk.append(MAVLINK_MSG_SERIAL_CONTROL_FIELD_DATA_LEN - chunk.size(), '\0');
uint8_t flags = SERIAL_CONTROL_FLAG_EXCLUSIVE | SERIAL_CONTROL_FLAG_RESPOND | SERIAL_CONTROL_FLAG_MULTI;
if (close) flags = 0;
auto protocol = qgcApp()->toolbox()->mavlinkProtocol();

Write Preview
Loading…
Cancel
Save