From 3813bd7b614171210f973fc17a325f378b6ee3b4 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sat, 10 Feb 2024 19:08:29 +1100
Subject: [PATCH 1/2] ensure payload_len is zeroed on start of a new multi-frame packet
this ensures that we don't use payload bytes from rejected frames
---
 canard.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/canard.c b/canard.c
index 83cb0ed..4a28609 100644
--- a/canard.c
+++ b/canard.c
@@ -544,6 +544,7 @@ int16_t canardHandleRxFrame(CanardInstance* ins, const CanardCANFrame* frame, ui
 // take off the crc and store the payload
 rx_state->timestamp_usec = timestamp_usec;
+ rx_state->payload_len = 0;
 const int16_t ret = bufferBlockPushBytes(&ins->allocator, rx_state, frame->data + 2, (uint8_t) (frame->data_len - 3));
 if (ret < 0)
From 2febc68db10f44ebb67084885bf86aac6496035e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 11 Feb 2024 07:42:59 +1100
Subject: [PATCH 2/2] check decode return in C++ wrappers
---
 canard/service_client.h | 5 ++++-
 canard/service_server.h | 5 ++++-
 canard/subscriber.h | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/canard/service_client.h b/canard/service_client.h
index bca543f..517fbd4 100644
--- a/canard/service_client.h
+++ b/canard/service_client.h
@@ -68,7 +68,10 @@ class Client : public HandlerList, public Sender {
 /// @param transfer transfer object of the request
 void handle_message(const CanardRxTransfer& transfer) override {
 rsptype msg {};
- rsptype::cxx_iface::rsp_decode(&transfer, &msg);
+ if (rsptype::cxx_iface::rsp_decode(&transfer, &msg)) {
+ // invalid decode
+ return;
+ }
 // scan through the list of entries for corresponding server node id and transfer id
 Client* entry = branch_head[index];
diff --git a/canard/service_server.h b/canard/service_server.h
index bfc7b39..32c905b 100644
--- a/canard/service_server.h
+++ b/canard/service_server.h
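Review bot: In canard.c, the added `rx_state->payload_len = 0;` in canardHandleRxFrame has no comment, although the commit message shows it is a safety fix: a length left behind by a rejected frame must not be carried into the new multi-frame transfer. I would put `// reset the length so bytes counted for a rejected transfer are never treated as payload of this one` above it. The hunk does not show whether the other per-transfer state held in `rx_state` is reset on this path as well, nor the check that keeps `frame->data_len - 3` from wrapping in the `(uint8_t)` cast; both lie outside the hunk and are worth confirming. A regression test that feeds a rejected start frame followed by a valid multi-frame transfer would pin the behaviour.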
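Review bot: In canard/service_client.h, the new early return in `handle_message` discards an undecodable transfer without recording it, so a peer that keeps sending malformed responses leaves no trace for whoever is diagnosing the bus. The same applies to the matching checks added in canard/service_server.h and canard/subscriber.h. Consider counting or reporting the failure before `return;` through whatever error path the wrappers already have; none is visible in these hunks. The condition also assumes the decode call returns non-zero on failure, which the hunk does not show. If that is the convention, `// invalid decode` would read better as `// decode returns true on failure: drop the transfer instead of acting on a partially filled msg`.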
@@ -51,7 +51,10 @@ class Server : public HandlerList {
 /// @param transfer transfer object of the request
 void handle_message(const CanardRxTransfer& transfer) override {
 reqtype msg {};
- reqtype::cxx_iface::req_decode(&transfer, &msg);
+ if (reqtype::cxx_iface::req_decode(&transfer, &msg)) {
+ // invalid decode
+ return;
+ }
 transfer_id = transfer.transfer_id;
 // call the registered callback
 cb(transfer, msg);
diff --git a/canard/subscriber.h b/canard/subscriber.h
index 52f1598..9f94721 100644
--- a/canard/subscriber.h
+++ b/canard/subscriber.h
@@ -71,7 +71,10 @@ class Subscriber : public HandlerList {
 /// @param transfer transfer object
 void handle_message(const CanardRxTransfer& transfer) override {
 msgtype msg {};
- msgtype::cxx_iface::decode(&transfer, &msg);
+ if (msgtype::cxx_iface::decode(&transfer, &msg)) {
+ // invalid decode
+ return;
+ }
 // call all registered callbacks in one go
 Subscriber* entry = branch_head[index];
 while (entry != nullptr) {