AP_EFI: check bounds of serial buffer in Hirth serial driver

ensure we don't consume invalid data
ArduPilot · Apr 5, 2024 · a969fba · a969fba
1 parent 364e6f0
commit a969fba
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libraries/AP_EFI/AP_EFI_Serial_Hirth.cpp b/libraries/AP_EFI/AP_EFI_Serial_Hirth.cpp
@@ -110,7 +110,7 @@ void AP_EFI_Serial_Hirth::check_response()
         computed_checksum += res_data.quantity = port->read();
         computed_checksum += res_data.code = port->read();
 
-        if (res_data.code == requested_code) {
+        if (res_data.code == requested_code && res_data.quantity > QUANTITY_REQUEST_STATUS) {
             for (int i = 0; i < (res_data.quantity - QUANTITY_REQUEST_STATUS); i++) {
                 computed_checksum += raw_data[i] = port->read();
             }