Mirrors_Framework/PX4-Autopilot
1
0
Fork 0
mirror of https://github.com/PX4/PX4-Autopilot.git synced 2026-05-21 13:02:25 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
Files
e4fe5bbad5e8239602014eb948a7a7e8d19cbd79
PX4-Autopilot/src/drivers/tattu_can
T
History
Ramon Roche 3f04b7a95a fix(tattu_can): validate CAN frame bounds before buffer copy 
Add bounds checking in the CAN frame assembly loop to prevent a buffer
overflow when copying payloads into the Tattu12SBatteryMessage struct.
A crafted CAN frame with a corrupt payload_size could write past the
48-byte struct boundary. Also guard against payload_size of 0 which
would cause an unsigned integer underflow on the size_t subtraction.

Fixes GHSA-wxwm-xmx9-hr32

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
2026-03-13 09:16:01 -07:00
..
CMakeLists.txt
Kconfig
TattuCan.cpp
fix(tattu_can): validate CAN frame bounds before buffer copy
2026-03-13 09:16:01 -07:00
TattuCan.hpp
module_base: remove CRTP template pattern to reduce flash bloat (#26476)
2026-02-19 15:17:17 +13:00