From f3d6d613c0b1015fb90e51023cf67abe9ae4726f Mon Sep 17 00:00:00 2001
From: Shane Smiskol
Date: Wed, 26 Apr 2023 19:43:30 -0700
Subject: [PATCH] safety: don't check out of bounds array item (#1360)

* safety: don't check out of bounds array item
* better name
* cleanup
---------
Co-authored-by: Adeeb Shihadeh
---
 board/safety.h | 2 +-
 board/safety_declarations.h | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/board/safety.h b/board/safety.h
index 80f7181c4..11efb7272 100644
--- a/board/safety.h
+++ b/board/safety.h
@@ -139,7 +139,7 @@ int get_addr_check_index(CANPacket_t *to_push, AddrCheckStruct addr_list[], cons
   for (int i = 0; i < len; i++) {
     // if multiple msgs are allowed, determine which one is present on the bus
     if (!addr_list[i].msg_seen) {
-      for (uint8_t j = 0U; addr_list[i].msg[j].addr != 0; j++) {
+      for (uint8_t j = 0U; (j < MAX_ADDR_CHECK_MSGS) && (addr_list[i].msg[j].addr != 0); j++) {
         if ((addr == addr_list[i].msg[j].addr) && (bus == addr_list[i].msg[j].bus) &&
             (length == addr_list[i].msg[j].len)) {
           addr_list[i].index = j;
diff --git a/board/safety_declarations.h b/board/safety_declarations.h
index 6dde0d4a3..aa6ac1462 100644
--- a/board/safety_declarations.h
+++ b/board/safety_declarations.h
@@ -8,6 +8,7 @@
 const int MAX_WRONG_COUNTERS = 5;
 const uint8_t MAX_MISSED_MSGS = 10U;
+#define MAX_ADDR_CHECK_MSGS 3U
 // sample struct that keeps 6 samples in memory
 struct sample_t {
@@ -92,7 +93,7 @@ typedef struct {
 // params and flags about checksum, counter and frequency checks for each monitored address
 typedef struct {
   // const params
-  const CanMsgCheck msg[3]; // check either messages (e.g. honda steer). Array MUST terminate with an empty struct to know its length.
+  const CanMsgCheck msg[MAX_ADDR_CHECK_MSGS]; // check either messages (e.g. honda steer)
   // dynamic flags
   bool msg_seen;
   int index; // if multiple messages are allowed to be checked, this stores the index of the first one seen. only msg[msg_index] will be used
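Review bot: The new bound stops the scan at the array end, but the loop still relies on `addr == 0` as the end-of-list marker for entries configured with fewer than MAX_ADDR_CHECK_MSGS messages, and nothing near the loop states that now that the struct comment no longer does; a one-line comment above the `for` would keep the contract visible, e.g. `// stop at the end of the array or at the first unused slot (addr 0)`. Since `msg` is a fixed-size member, `j < sizeof(addr_list[i].msg) / sizeof(addr_list[i].msg[0])` would tie the bound to the declaration without a shared macro, though the macro reads more clearly in the condition and is a matter of taste. The body of get_addr_check_index continues beyond the hunk, so what the caller gets when no entry matches is not visible here.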
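Review bot: `MAX_ADDR_CHECK_MSGS` is introduced as a macro while the neighbouring `MAX_WRONG_COUNTERS` and `MAX_MISSED_MSGS` are typed `const` objects, and the reason is not stated: it dimensions the `msg` array inside a struct type, where C requires an integer constant expression and a `const` variable does not qualify. A short comment on the define would stop a later cleanup from turning it into a `const`, e.g. `// macro, not const: used as an array dimension in the address-check struct`. The `U` suffix keeps the comparison with the `uint8_t` loop index in safety.h free of a signed/unsigned mix, which is worth keeping if the value is ever changed.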
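Review bot: The rewritten comment on `msg` drops the only statement of how the array's logical length is determined; with the new loop bound a full array no longer needs a terminator, but an entry with fewer than `MAX_ADDR_CHECK_MSGS` messages still relies on the omitted initializer elements being zero so that `addr == 0` ends the scan in get_addr_check_index. Suggest `// up to MAX_ADDR_CHECK_MSGS alternative messages (e.g. honda steer); unused trailing slots stay zero and addr 0 ends the list`. The unchanged comment on `index` two lines below still refers to `msg[msg_index]` although the field is named `index`, which could be corrected in the same pass.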