You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
function _can_int_rx in components/drivers/can/can.c
/* read from software FIFO */
while (msgs)
{
...
rt_memcpy(data, &listmsg->data, sizeof(struct rt_can_msg));
...
data ++;
msgs -= sizeof(struct rt_can_msg);
}
didn't validate the data length and rx_fifo->uselist msgs length while calling _can_int_rx in rt_can_read, if msgs > datalength, it could result in memory write out of boundary.
The text was updated successfully, but these errors were encountered:
easy6666
changed the title
rt_can_read memory write out of bounder
rt_can_read memory write out of boundary
Mar 19, 2024
function _can_int_rx in components/drivers/can/can.c
didn't validate the data length and rx_fifo->uselist msgs length while calling _can_int_rx in rt_can_read, if msgs > datalength, it could result in memory write out of boundary.
The text was updated successfully, but these errors were encountered: