diff options
| author | Keith Packard <keithp@keithp.com> | 2010-09-01 19:53:24 -0700 |
|---|---|---|
| committer | Keith Packard <keithp@keithp.com> | 2010-09-01 19:53:24 -0700 |
| commit | 1177e0a684328422be5adc68093d0091a218a824 (patch) | |
| tree | 83bbb65c7b47b72ebc712442ed28a7b68e8980e5 /src | |
| parent | 775acb89660cdee2f3c54c38297baefe39f2414c (diff) | |
altos: Bounds check Skytraq GPS tracking data array
Missing GPS serial data could cause the tracking array reset to
get skipped, causing the array to be overrun, smashing critical data
beyond the array.
This was detected using the 'altosui' flash command to program a
device from TM. Hitting the USB that hard caused TM to crash with a
mutex error (3 beeps) after the ao_gps_task structure was overwritten
with zeros.
Signed-off-by: Keith Packard <keithp@keithp.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/ao.h | 4 | ||||
| -rw-r--r-- | src/ao_gps_skytraq.c | 13 | ||||
| -rw-r--r-- | src/ao_gps_test.c | 4 | ||||
| -rw-r--r-- | src/ao_gps_test_skytraq.c | 4 |
4 files changed, 18 insertions, 7 deletions
@@ -781,9 +781,11 @@ struct ao_gps_sat_data { uint8_t c_n_1; }; +#define AO_MAX_GPS_TRACKING 12 + struct ao_gps_tracking_data { uint8_t channels; - struct ao_gps_sat_data sats[12]; + struct ao_gps_sat_data sats[AO_MAX_GPS_TRACKING]; }; extern __xdata uint8_t ao_gps_mutex; diff --git a/src/ao_gps_skytraq.c b/src/ao_gps_skytraq.c index c822f7fa..2d3d464c 100644 --- a/src/ao_gps_skytraq.c +++ b/src/ao_gps_skytraq.c @@ -333,14 +333,19 @@ ao_gps(void) __reentrant ao_gps_skip_field(); /* sats in view */ while (ao_gps_char != '*' && ao_gps_char != '\n' && ao_gps_char != '\r') { i = ao_gps_tracking_next.channels; - ao_gps_tracking_next.sats[i].svid = ao_gps_decimal(2); /* SVID */ + c = ao_gps_decimal(2); /* SVID */ + if (i < AO_MAX_GPS_TRACKING) + ao_gps_tracking_next.sats[i].svid = c; ao_gps_lexchar(); ao_gps_skip_field(); /* elevation */ ao_gps_lexchar(); ao_gps_skip_field(); /* azimuth */ - if (!(ao_gps_tracking_next.sats[i].c_n_1 = ao_gps_decimal(2))) /* C/N0 */ - ao_gps_tracking_next.sats[i].svid = 0; - ao_gps_tracking_next.channels = i + 1; + c = ao_gps_decimal(2); /* C/N0 */ + if (i < AO_MAX_GPS_TRACKING) { + if (!(ao_gps_tracking_next.sats[i].c_n_1 = c)) + ao_gps_tracking_next.sats[i].svid = 0; + ao_gps_tracking_next.channels = i + 1; + } } if (ao_gps_char == '*') { uint8_t cksum = ao_gps_cksum ^ '*'; diff --git a/src/ao_gps_test.c b/src/ao_gps_test.c index cdcc6f4c..edb51304 100644 --- a/src/ao_gps_test.c +++ b/src/ao_gps_test.c @@ -62,9 +62,11 @@ struct ao_gps_sat_data { uint8_t c_n_1; }; +#define AO_MAX_GPS_TRACKING 12 + struct ao_gps_tracking_data { uint8_t channels; - struct ao_gps_sat_data sats[12]; + struct ao_gps_sat_data sats[AO_MAX_GPS_TRACKING]; }; void diff --git a/src/ao_gps_test_skytraq.c b/src/ao_gps_test_skytraq.c index 7fa10eaa..4010e09c 100644 --- a/src/ao_gps_test_skytraq.c +++ b/src/ao_gps_test_skytraq.c @@ -63,9 +63,11 @@ struct ao_gps_sat_data { uint8_t c_n_1; }; +#define AO_MAX_GPS_TRACKING 12 + struct ao_gps_tracking_data { uint8_t channels; - struct ao_gps_sat_data sats[12]; + struct ao_gps_sat_data sats[AO_MAX_GPS_TRACKING]; }; void |