sascha/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2026-02-08 16:51:52 +00:00
Code Issues Releases Wiki Activity

Merge branch 'proto_bounds_check_fix' into integration

Browse Source
This commit is contained in:
J. Nick Koston
2026-01-16 15:15:13 -10:00
parent d2bece9521 1d61530a07
commit 666fdcfbdf
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
esphome/components/api/proto.cpp
View File

@@ -48,15 +48,13 @@ uint32_t ProtoDecodableMessage::count_repeated_field(const uint8_t *buffer, size
}
uint32_t field_length = res->as_uint32();
ptr += consumed;
// Use subtraction to avoid integer overflow on 32-bit systems
if (field_length > end - ptr) {
if (field_length > static_cast<size_t>(end - ptr)) {
return count; // Out of bounds
}
ptr += field_length;
break;
}
case WIRE_TYPE_FIXED32: { // 32-bit - skip 4 bytes
// Use subtraction to avoid integer overflow on 32-bit systems
if (end - ptr < 4) {
return count;
}
@@ -112,8 +110,7 @@ void ProtoDecodableMessage::decode(const uint8_t *buffer, size_t length) {
}
uint32_t field_length = res->as_uint32();
ptr += consumed;
// Use subtraction to avoid integer overflow on 32-bit systems
if (field_length > end - ptr) {
if (field_length > static_cast<size_t>(end - ptr)) {
ESP_LOGV(TAG, "Out-of-bounds Length Delimited at offset %ld", (long) (ptr - buffer));
return;
}
@@ -124,7 +121,6 @@ void ProtoDecodableMessage::decode(const uint8_t *buffer, size_t length) {
break;
}
case WIRE_TYPE_FIXED32: { // 32-bit
// Use subtraction to avoid integer overflow on 32-bit systems
if (end - ptr < 4) {
ESP_LOGV(TAG, "Out-of-bounds Fixed32-bit at offset %ld", (long) (ptr - buffer));
return;