diff options
| author | Gary E. Miller <gem@rellim.com> | 2016-09-01 12:36:04 -0700 |
|---|---|---|
| committer | Gary E. Miller <gem@rellim.com> | 2016-09-01 12:36:04 -0700 |
| commit | 8f74020d331f0aa1fd165f2d9490fc66022745c2 (patch) | |
| tree | 54602a867b2d0161ddcffb070fdb0f49f38e9a7d | |
| parent | ee329c32da0ab85e1a3334ce5377f0b57cf954ce (diff) | |
| download | gpsd-8f74020d331f0aa1fd165f2d9490fc66022745c2.tar.gz | |
Fix too small buffers. Hex is 2x + 1 the size of binary.
| -rw-r--r-- | gpsd.h-tail | 6 | ||||
| -rw-r--r-- | hex.c | 2 | ||||
| -rw-r--r-- | packet.c | 14 |
3 files changed, 14 insertions, 8 deletions
diff --git a/gpsd.h-tail b/gpsd.h-tail index 97345d1a..d1fb5ead 100644 --- a/gpsd.h-tail +++ b/gpsd.h-tail @@ -492,7 +492,11 @@ struct gps_device_t { #endif /* PPS_ENABLE */ double mag_var; /* magnetic variation in degrees */ bool back_to_nmea; /* back to NMEA on revert? */ - char msgbuf[MAX_PACKET_LENGTH*2+1]; /* command message buffer for sends */ + /* + * msgbuf needs to hold the hex decode of inbuffer + * so msgbuf must be 2x the size of inbuffer + */ + char msgbuf[MAX_PACKET_LENGTH*4+1]; /* command message buffer for sends */ size_t msgbuflen; int observed; /* which packet type`s have we seen? */ bool cycle_end_reliable; /* does driver signal REPORT_MASK */ @@ -18,6 +18,8 @@ * scbuflen -- sizeof(scbuf) * *binbuf -- the binary to convert to hex and place in scbuf * binbuflen -- sizeof(binbuf) + * + * scbuflen needs to be 2x binbuflen to hold the hex conversion */ const char *gpsd_packetdump(char *scbuf, size_t scbuflen, @@ -874,7 +874,7 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) break; case SKY_DELIVERED: if ( lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW+1, "Skytraq = %s\n", gpsd_packetdump(scratchbuf, sizeof(scratchbuf), @@ -1528,7 +1528,7 @@ static void packet_accept(struct gps_lexer_t *lexer, int packet_type) lexer->outbuffer[packetlen] = '\0'; lexer->type = packet_type; if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW+1, "Packet type %d accepted %zu = %s\n", packet_type, packetlen, @@ -1551,7 +1551,7 @@ static void packet_discard(struct gps_lexer_t *lexer) lexer->inbufptr = memmove(lexer->inbuffer, lexer->inbufptr, remaining); lexer->inbuflen = remaining; if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW + 1, "Packet discard of %zu, chars remaining is %zu = %s\n", discard, remaining, @@ -1569,7 +1569,7 @@ static void packet_stash(struct gps_lexer_t *lexer) memcpy(lexer->stashbuffer, lexer->inbuffer, stashlen); lexer->stashbuflen = stashlen; if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW+1, "Packet stash of %zu = %s\n", stashlen, @@ -1591,7 +1591,7 @@ static void packet_unstash(struct gps_lexer_t *lexer) lexer->inbuflen += stashlen; lexer->stashbuflen = 0; if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW+1, "Packet unstash of %zu, reconstructed is %zu = %s\n", stashlen, lexer->inbuflen, @@ -1612,7 +1612,7 @@ static void character_discard(struct gps_lexer_t *lexer) memmove(lexer->inbuffer, lexer->inbuffer + 1, (size_t)-- lexer->inbuflen); lexer->inbufptr = lexer->inbuffer; if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW + 1, "Character discarded, buffer %zu chars = %s\n", lexer->inbuflen, @@ -2354,7 +2354,7 @@ ssize_t packet_get(int fd, struct gps_lexer_t *lexer) } } else { if (lexer->errout.debug >= LOG_RAW+1) { - char scratchbuf[MAX_PACKET_LENGTH*2+1]; + char scratchbuf[MAX_PACKET_LENGTH*4+1]; gpsd_log(&lexer->errout, LOG_RAW + 1, "Read %zd chars to buffer offset %zd (total %zd): %s\n", recvd, lexer->inbuflen, lexer->inbuflen + recvd, |