zrzk
/
px4_autopilot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Fixed app args buffer overrun in qurt px4_layer main.cpp and qshell.cpp

sbg
Gene 9 years ago committed by Julian Oes
parent
f543463349
commit
5cd85b98c2
2 changed files with 19 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      src/drivers/qshell/qurt/qshell.cpp
  2. 12
      src/platforms/qurt/px4_layer/main.cpp

10
src/drivers/qshell/qurt/qshell.cpp
Unescape View File

@ -61,6 +61,8 @@ @@ -61,6 +61,8 @@
#include <drivers/drv_hrt.h>
#include "DriverFramework.hpp"
#define MAX_ARGS 8 // max number of whitespace separated args after app name
extern void init_app_map(std::map<std::string, px4_main_t> &apps);
extern void list_builtins(std::map<std::string, px4_main_t> &apps);
@ -155,10 +157,16 @@ int QShell::run_cmd(const std::vector<std::string> &appargs) @@ -155,10 +157,16 @@ int QShell::run_cmd(const std::vector<std::string> &appargs)
//replaces app.find with iterator code to avoid null pointer exception
for (map<string, px4_main_t>::iterator it = apps.begin(); it != apps.end(); ++it) {
if (it->first == command) {
const char *arg[2 + 1];
// one for command name, one for null terminator
const char *arg[MAX_ARGS + 2];
unsigned int i = 0;
if (appargs.size() > MAX_ARGS + 1) {
PX4_ERR("%d too many arguments in run_cmd", appargs.size() - (MAX_ARGS + 1));
return 1;
}
while (i < appargs.size() && appargs[i].c_str()[0] != '\0') {
arg[i] = (char *)appargs[i].c_str();
PX4_DEBUG(" arg%d = '%s'\n", i, arg[i]);

12
src/platforms/qurt/px4_layer/main.cpp
Unescape View File

@ -51,6 +51,8 @@ @@ -51,6 +51,8 @@
#include "apps.h"
#include "DriverFramework.hpp"
#define MAX_ARGS 8 // max number of whitespace separated args after app name
using namespace std;
extern void init_app_map(map<string, px4_main_t> &apps);
@ -76,10 +78,16 @@ static void run_cmd(map<string, px4_main_t> &apps, const vector<string> &appargs @@ -76,10 +78,16 @@ static void run_cmd(map<string, px4_main_t> &apps, const vector<string> &appargs
//replaces app.find with iterator code to avoid null pointer exception
for (map<string, px4_main_t>::iterator it = apps.begin(); it != apps.end(); ++it)
if (it->first == command) {
const char *arg[2 + 1];
// one for command name, one for null terminator
const char *arg[MAX_ARGS + 2];
unsigned int i = 0;
if (appargs.size() > MAX_ARGS + 1) {
PX4_ERR("%d too many arguments in run_cmd", appargs.size() - (MAX_ARGS + 1));
return;
}
while (i < appargs.size() && appargs[i].c_str()[0] != '\0') {
arg[i] = (char *)appargs[i].c_str();
PX4_DEBUG(" arg%d = '%s'\n", i, arg[i]);
@ -202,7 +210,7 @@ const char *get_commands() @@ -202,7 +210,7 @@ const char *get_commands()
PX4_ERR("Could not open %s\n", COMMANDS_ADSP_FILE);
static const char *commands =
"uorb start\n"
"uorb start\nqshell start\n"
;
return commands;

Write Preview
Loading…
Cancel
Save