Skip to content
Snippets Groups Projects
Commit 5cd85b98 authored by Gene's avatar Gene Committed by Julian Oes
Browse files

Fixed app args buffer overrun in qurt px4_layer main.cpp and qshell.cpp

parent f5434633
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/drivers/qshell/qurt/qshell.cpp
+ 9
1
View file @ 5cd85b98
......@@ -61,6 +61,8 @@
#include <drivers/drv_hrt.h>
#include "DriverFramework.hpp"
#define MAX_ARGS 8 // max number of whitespace separated args after app name
extern void init_app_map(std::map<std::string, px4_main_t> &apps);
extern void list_builtins(std::map<std::string, px4_main_t> &apps);
......@@ -155,10 +157,16 @@ int QShell::run_cmd(const std::vector<std::string> &appargs)
//replaces app.find with iterator code to avoid null pointer exception
for (map<string, px4_main_t>::iterator it = apps.begin(); it != apps.end(); ++it) {
if (it->first == command) {
const char *arg[2 + 1];
// one for command name, one for null terminator
const char *arg[MAX_ARGS + 2];
unsigned int i = 0;
if (appargs.size() > MAX_ARGS + 1) {
PX4_ERR("%d too many arguments in run_cmd", appargs.size() - (MAX_ARGS + 1));
return 1;
}
while (i < appargs.size() && appargs[i].c_str()[0] != '\0') {
arg[i] = (char *)appargs[i].c_str();
PX4_DEBUG(" arg%d = '%s'\n", i, arg[i]);
......
src/platforms/qurt/px4_layer/main.cpp
+ 10
2
View file @ 5cd85b98
......@@ -51,6 +51,8 @@
#include "apps.h"
#include "DriverFramework.hpp"
#define MAX_ARGS 8 // max number of whitespace separated args after app name
using namespace std;
extern void init_app_map(map<string, px4_main_t> &apps);
......@@ -76,10 +78,16 @@ static void run_cmd(map<string, px4_main_t> &apps, const vector<string> &appargs
//replaces app.find with iterator code to avoid null pointer exception
for (map<string, px4_main_t>::iterator it = apps.begin(); it != apps.end(); ++it)
if (it->first == command) {
const char *arg[2 + 1];
// one for command name, one for null terminator
const char *arg[MAX_ARGS + 2];
unsigned int i = 0;
if (appargs.size() > MAX_ARGS + 1) {
PX4_ERR("%d too many arguments in run_cmd", appargs.size() - (MAX_ARGS + 1));
return;
}
while (i < appargs.size() && appargs[i].c_str()[0] != '\0') {
arg[i] = (char *)appargs[i].c_str();
PX4_DEBUG(" arg%d = '%s'\n", i, arg[i]);
......@@ -202,7 +210,7 @@ const char *get_commands()
PX4_ERR("Could not open %s\n", COMMANDS_ADSP_FILE);
static const char *commands =
"uorb start\n"
"uorb start\nqshell start\n"
;
return commands;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment