Add validation to MSP for the rc_smoothing_auto_factor setting #9560
Conversation
| @@ -3051,7 +3051,7 @@ static mspResult_e mspProcessInCommand(mspDescriptor_t srcDesc, int16_t cmdMSP, | |||
| if (sbufBytesRemaining(src) >= 1) { | |||
| // Added in MSP API 1.42 | |||
| #if defined(USE_RC_SMOOTHING_FILTER) | |||
| configRebootUpdateCheckU8(&rxConfigMutable()->rc_smoothing_auto_factor, sbufReadU8(src)); | |||
| configRebootUpdateCheckU8(&rxConfigMutable()->rc_smoothing_auto_factor, constrain(sbufReadU8(src), RC_SMOOTHING_AUTO_FACTOR_MIN, RC_SMOOTHING_AUTO_FACTOR_MAX)); | |||
There was a problem hiding this comment.
Can we have a comment in here stating that this is a workaround for a configurator bug, and probably a TODO to pull this out again once a fixed configurator has been released?
I don't think starting the proliferation of input validation being done in the MSP receiver is a good move.
There was a problem hiding this comment.
Sure, I can add a comment about why it's there. But I don't think we can safely remove this any time soon. Are we planning on releasing a patch release for 10.6 configurator? Even if we do people we can't guarantee that everybody will upgrade. And in this case the problem is bad enough not to risk.
There was a problem hiding this comment.
I think we will have to consider a patch release of configurator - we cannot guarantee that users will upgrade from a vulnerable version of 4.1 any more than we can guarantee that they will upgrade configurator, so a two-pronged approach will give us best coverage. At least in the case of configurator they will get an indication when starting up that a new version is available.
This is a workaround for a validation bug in configurator 10.6 where the user can enter an invalid value, immediately click "Save" and that value will be stored before the value is range-checked. Added validation to the MSP message processing to constrain the range to prevent a dangerous result.
etracer65
force-pushed
the
add_msp_rc_smoothing_auto_factor_validation
branch
from
426f4dc
to
15ec707
Compare
…tor_validation Add validation to MSP for the rc_smoothing_auto_factor setting
Fixes #9559
This is a workaround for a validation bug in configurator 10.6 where the user can enter an invalid value, immediately click "Save" and that value will be stored before the value is range-checked. Added validation to the MSP message processing to constrain the range to prevent a dangerous result.