Code Review / apps / agl-service-can-low-level.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Protect against corrupted _count fields in pb_release().
[apps/agl-service-can-low-level.git] / pb_decode.c
diff --git a/pb_decode.c b/pb_decode.c
index 1699091..78911e7 100644 (file)
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -1035,6 +1035,12 @@ static void pb_release_single_field(const pb_field_iter_t *iter)
         if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
         {
             count = *(pb_size_t*)iter->pSize;
+
+            if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > iter->pos->array_size)
+            {
+                /* Protect against corrupted _count fields */
+                count = iter->pos->array_size;
+            }
         }
         
         if (pItem)
Low level CAN service made to decode and write on CAN bus.