From 497498acd26dfdff193f2429c99fbb683cbffd6a Mon Sep 17 00:00:00 2001 From: Thomas Kolb Date: Wed, 3 Jan 2024 00:01:27 +0100 Subject: [PATCH] rx: fix overflow in symbol buffer --- impl/src/layer1/rx.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/impl/src/layer1/rx.c b/impl/src/layer1/rx.c index 3ed3c57..30da258 100644 --- a/impl/src/layer1/rx.c +++ b/impl/src/layer1/rx.c @@ -14,6 +14,8 @@ #include "utils.h" +#define SYMBOL_BUFFER_SIZE 16384 + #define HEADER_SIZE_BYTES 4 #define FREQ_EST_L 24 @@ -139,7 +141,7 @@ static bool acquire_preamble(layer1_rx_t *rx, const float complex sample) result_t layer1_rx_process(layer1_rx_t *rx, const float complex *samples, size_t sample_count) { static size_t symbol_counter = 0; - static uint8_t symbols_int[1 << 12]; + static uint8_t symbols_int[SYMBOL_BUFFER_SIZE]; float complex samples2dump[sample_count]; size_t nsamples2dump = 0; @@ -245,6 +247,14 @@ result_t layer1_rx_process(layer1_rx_t *rx, const float complex *samples, size_t rx->payload_len_enc_bytes = fec_get_enc_msg_length(PAYLOAD_CHANNEL_CODE, rx->payload_len_bytes); rx->payload_len_symbols = (rx->payload_len_enc_bytes * 8 + payload_bps - 1) / payload_bps; + if(rx->payload_len_symbols > SYMBOL_BUFFER_SIZE) { + DEBUG_LOG("Symbol count %u is too lange for buffer. Ignoring packet.\n", rx->payload_len_symbols); + rx->state = RX_STATE_ACQUISITION; + break; + } + + assert(rx->payload_len_symbols < sizeof(symbols_int)/sizeof(symbols_int[0])); + DEBUG_LOG("=== DECODED HEADER ===\n"); DEBUG_LOG("Payload length: %u symbols, %u bytes encoded, %u bytes decoded\n", rx->payload_len_symbols, rx->payload_len_enc_bytes, rx->payload_len_bytes); DEBUG_LOG("CRC16: 0x%04x\n", rx->payload_crc);