diff options
author | Mike Leach <mike.leach@linaro.org> | 2022-10-25 00:23:38 +0100 |
---|---|---|
committer | Mike Leach <mike.leach@linaro.org> | 2022-10-31 23:07:14 +0000 |
commit | ca132fc5059a0ba30356fe12856d5630d1ba9702 (patch) | |
tree | f0033da3b4e251da0ac208f370f292b59f3392f6 | |
parent | 930e1e671a51270903fa22895671bd6c74c4e75c (diff) | |
download | OpenCSD-ca132fc5059a0ba30356fe12856d5630d1ba9702.tar.gz |
opencsd: frame demux: Issue with 7 IDs in single frame (github #51)
Pathalogical case where 7 ID changes in a frame. all with data associated with previous ID,
may cause buffer overrun issue. Fix by adding in additional buffer for final data element.
Highly unlikely / impossible to occur in valid system generated frame data but could be
triggered by corrupt / invalid input data.
Reported-by: yabinc <yabinc@google.com> (github issue #51)
Signed-off-by: Mike Leach <mike.leach@linaro.org>
-rw-r--r-- | decoder/source/trc_frame_deformatter_impl.h | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/decoder/source/trc_frame_deformatter_impl.h b/decoder/source/trc_frame_deformatter_impl.h index 8d19bdb..8874ff3 100644 --- a/decoder/source/trc_frame_deformatter_impl.h +++ b/decoder/source/trc_frame_deformatter_impl.h @@ -154,10 +154,14 @@ private: int m_ex_frm_n_bytes; // number of valid bytes in the current frame (extraction) ocsd_trc_index_t m_trc_curr_idx_sof; // trace source index at start of frame. - // channel output data - can never be more than a frame of data for a single ID. - out_chan_data m_out_data[7]; // can only be 8 ID changes in a frame, but last on has no associated data so 7 possible data blocks + /* channel output data - can never be more than a frame of data for a single ID. + * 8 possible ID changes per frame. Although the final one can have no associated data, a pathological + * case exists with 7 ID changes, all data associated with a previous frame, except for last + * ID / data byte which is data. Not possible with normal hardware but guard against corrupt input. + */ + out_chan_data m_out_data[8]; // output data for a given ID int m_out_data_idx; // number of out_chan_data frames used. - int m_out_processed; // number of complete out_chan_data frames output. + int m_out_processed; // number of complete out_chan_data frames output. /* local copy of input buffer pointers*/ const uint8_t *m_in_block_base; |