Crash in protocol_process_ReadValue due to missing Initialisation of newMsg #128

Open
HorizontalCar opened this issue Apr 8, 2024 · 0 comments

@HorizontalCar

Hello,

I have been testing automated firmware testing tools and found an input that results in a crash.

The crash occurs in protocol_process_ReadValue at protocol.c:48.24. newMsg->code is not initialized, thus crashing the program due to an invalid memory read.

Cause:
Initialisation of newMsg is missing at ascii_proto_func.c:414

```c
PROTOCOL_MSG3full newMsg;
memset((void*)&newMsg,0x00,sizeof(PROTOCOL_MSG3full));
// Missing
// newMsg.code = s->params[i]->code;
// newMsg.cmd = PROTOCOL_CMD_READVALRESPONSE;
if (s->params[i]->fn) s->params[i]->fn( s, s->params[i], PROTOCOL_CMD_SILENTREAD, &newMsg);

sprintf(ascii_out, "%s(%s): %d\r\n",
        (s->params[i]->description)?s->params[i]->description:"",
        s->params[i]->uistr,
        (int)*(short *)s->params[i]->ptr
);
s->send_serial_data_wait((unsigned char *)ascii_out, strlen(ascii_out));
ascii_out[0] = 0; // don't print last one twice
```
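The failure mode described in this report, as an added example that is not code from the issue or from the firmware: a message struct is zeroed with memset, the fields the read handler dispatches on (code, cmd) are never populated, and a handler that trusts msg->code resolves code 0 to a missing table entry and dereferences it. The msg_t and param_t layouts, the CMD_* values, the parameter table and every function name below are assumptions made for illustration, not the project's definitions. The block shows the trusting handler in the shape of the crashing one, a hardened handler that refuses a code it cannot resolve, and the caller before and after the missing initialisation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Placeholder command values; assumed, not the firmware's real constants. */
enum { CMD_SILENTREAD = 1, CMD_READVALRESPONSE = 2 };

/* Minimal stand-in for the protocol message: cmd and code are the fields
 * the handler dispatches on, and both are 0 after a bare memset. */
typedef struct {
    unsigned char cmd;
    unsigned char code;
    unsigned char len;
    unsigned char payload[8];
} msg_t;

typedef struct {
    unsigned char code;        /* wire code the read handler resolves */
    const char *description;
    short value;
} param_t;

/* Constructed parameter table. Only two codes are registered, so the lookup
 * is sparse and code 0 (what memset leaves behind) resolves to nothing. */
param_t params[] = {
    { 0x0A, "speed", 1200 },
    { 0x0B, "steer", -40 },
};

param_t *lookup_param(unsigned char code) {
    for (size_t i = 0; i < sizeof params / sizeof params[0]; i++)
        if (params[i].code == code) return &params[i];
    return NULL;
}

/* Reader in the shape of the crashing function: it trusts msg->code and
 * dereferences whatever the lookup returns. With a zeroed message this is
 * a NULL read, which on the MCU surfaces as the invalid memory access. */
short process_read_value_trusting(const msg_t *msg) {
    return lookup_param(msg->code)->value;
}

/* Hardened reader: resolve the code, refuse if unknown, then fill the reply. */
int process_read_value(unsigned char cmd, msg_t *msg, short *out) {
    if (cmd != CMD_SILENTREAD) return -1;
    param_t *p = lookup_param(msg->code);
    if (p == NULL) return -2;            /* uninitialised or bogus code: no dereference */
    *out = p->value;
    msg->len = sizeof *out;
    memcpy(msg->payload, out, sizeof *out);
    return 0;
}

/* Caller in the shape of the bug: memset only; code and cmd are never set. */
int read_param_buggy(const param_t *p, short *out) {
    msg_t msg;
    memset(&msg, 0, sizeof msg);
    (void)p;                             /* descriptor in hand, never copied into msg */
    return process_read_value(CMD_SILENTREAD, &msg, out);
}

/* Fixed caller: populate the fields the handler dispatches on before calling it. */
int read_param_fixed(const param_t *p, short *out) {
    msg_t msg;
    memset(&msg, 0, sizeof msg);
    msg.code = p->code;
    msg.cmd = CMD_READVALRESPONSE;
    return process_read_value(CMD_SILENTREAD, &msg, out);
}

int main(void) {
    short v = 0;
    printf("buggy caller: rc=%d\n", read_param_buggy(&params[0], &v));
    printf("fixed caller: rc=%d %s=%d\n", read_param_fixed(&params[0], &v),
           params[0].description, (int)v);
    return 0;
}
```

With the hardened handler the buggy caller is rejected with an error code instead of faulting, while the fixed caller returns the parameter's value; the trusting handler is left in for contrast and is not called, since passing it a zeroed message reproduces the crash.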