Address Savannah bug #38511:

ais_context->bitlen <= sizeof(ais_context->bits)/8 is not checked
author: Eric S. Raymond <esr@thyrsus.com> 2013-04-10 22:22:34 -0400
committer: Eric S. Raymond <esr@thyrsus.com> 2013-04-10 22:22:34 -0400
commit: 08edc49d8f63c75bfdfb480b083b0d960310f94f (patch)
tree: 8febc9734e6c967d22be2c5a80d366b0e19b8f39 /drivers.c
parent: a41cd69c87e312198834a2e6232134176c9352e5 (diff)
download: gpsd-08edc49d8f63c75bfdfb480b083b0d960310f94f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers.c b/drivers.c
index 8d6ebd0b..e6632906 100644
--- a/drivers.c
+++ b/drivers.c
@@ -1328,6 +1328,10 @@ static bool aivdm_decode(const char *buf, size_t buflen,
 		    (1 << (7 - ais_context->bitlen % 8));
 	    }
 	    ais_context->bitlen++;
+	    if (ais_context->bitlen > sizeof(ais_context->bits)) {
+		gpsd_report(LOG_INF, "overlong AIVDM payload truncated.\n");
+		return false;
+	    }
 	}
 	/*@ +shiftnegative @*/
     }
author	Eric S. Raymond <esr@thyrsus.com>	2013-04-10 22:22:34 -0400
committer	Eric S. Raymond <esr@thyrsus.com>	2013-04-10 22:22:34 -0400
commit	08edc49d8f63c75bfdfb480b083b0d960310f94f (patch)
tree	8febc9734e6c967d22be2c5a80d366b0e19b8f39 /drivers.c
parent	a41cd69c87e312198834a2e6232134176c9352e5 (diff)
download	gpsd-08edc49d8f63c75bfdfb480b083b0d960310f94f.tar.gz