From 12c0d452e9b6c7c8e69d44b868c7afd07896a15c Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 20 Apr 2020 07:30:32 +1000
Subject: [PATCH] AP_RCProtocol: fixed buffer overflow in st24 parser found using random data injection in SITL
---
libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp b/libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp
index eec468e59f..5439f60257 100644
--- a/libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp
+++ b/libraries/AP_RCProtocol/AP_RCProtocol_ST24.cpp
@@ -107,7 +107,7 @@ void AP_RCProtocol_ST24::_process_byte(uint8_t byte)
 case ST24_DECODE_STATE_GOT_STX2:
 /* ensure no data overflow failure or hack is possible */
- if ((unsigned)byte <= sizeof(_rxpacket.length) + sizeof(_rxpacket.type) + sizeof(_rxpacket.st24_data)) {
+ if (byte > 8 && (unsigned)byte <= sizeof(_rxpacket.length) + sizeof(_rxpacket.type) + sizeof(_rxpacket.st24_data)) {
 _rxpacket.length = byte;
 _rxlen = 0;
 _decode_state = ST24_DECODE_STATE_GOT_LEN;
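Review bot: The new lower bound `byte > 8` in the `ST24_DECODE_STATE_GOT_STX2` case is a bare magic number. The comment above it still speaks only of overflow in general, so a reader cannot tell what the 8 is derived from or whether a short but legitimate frame is now rejected. The length byte comes straight off the receiver link, and the later states that consume `_rxpacket.length` and advance `_rxlen` are outside this hunk. Presumably a too-small length let their end-of-payload comparison be missed, but that should be confirmed and written next to the check. I would extend the comment to something like `/* reject lengths <= 8: shorter than any valid ST24 frame, and a short length lets the byte counter in the data state run past st24_data */` and replace the literal with a named constant declared beside the packet struct. Since the bug was found by random data injection, a small unit test that feeds `_process_byte` the two sync bytes followed by each length from 0 to 8 would stop the bound from regressing.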