Git-Mirrors/tillitis-key
1
0
Fork 0
mirror of https://github.com/tillitis/tillitis-key1.git synced 2025-09-20 21:04:36 -04:00
Code Issues Projects Releases Packages Wiki Activity

ch552: Fix FIDO data copy

Browse source 
Fix potential out of bounds write.
This commit is contained in:
Jonas Thörnblad 2025-05-06 12:53:12 +02:00
parent ec9ef31140
commit 14e4cd09c9
No known key found for this signature in database
GPG key ID: 2D318AD00A326F95
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
hw/usb_interface/ch552_fw/src/main.c
View file

@ -1687,18 +1687,19 @@ void main()
// Copy FIDO data from UartRxBuf to FrameBuf
if (FrameStarted && !FrameDiscard && !FidoDataAvailable) {
if (FrameMode == IO_FIDO) {
// Check if a complete frame has been received
if (UartRxBufByteCount >= FrameRemainingBytes) {
if ((FrameRemainingBytes >= MAX_FRAME_SIZE) &&
(UartRxBufByteCount >= MAX_FRAME_SIZE)) {
circular_copy(FrameBuf,
UartRxBuf,
UART_RX_BUF_SIZE,
UartRxBufOutputPointer,
FrameRemainingBytes);
MAX_FRAME_SIZE);
FrameBufLength = MAX_FRAME_SIZE;
// Update output pointer
UartRxBufOutputPointer = increment_pointer(UartRxBufOutputPointer,
FrameRemainingBytes,
MAX_FRAME_SIZE,
UART_RX_BUF_SIZE);
FrameRemainingBytes -= MAX_FRAME_SIZE;
FidoDataAvailable = 1;
cts_start();
}