pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-04-23 17:13:38 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Added bounds checking to memcpy and use memory-safe strlcpy (#6351)
Some checks failed
CI / setup (check) (push) Waiting to run
Details
CI / setup (esp32) (push) Waiting to run
Details
CI / setup (esp32c3) (push) Waiting to run
Details
CI / setup (esp32c6) (push) Waiting to run
Details
CI / setup (esp32s3) (push) Waiting to run
Details
CI / setup (nrf52840) (push) Waiting to run
Details
CI / setup (rp2040) (push) Waiting to run
Details
CI / setup (stm32) (push) Waiting to run
Details
CI / check (push) Blocked by required conditions
Details
CI / build-esp32 (push) Blocked by required conditions
Details
CI / build-esp32-s3 (push) Blocked by required conditions
Details
CI / build-esp32-c3 (push) Blocked by required conditions
Details
CI / build-esp32-c6 (push) Blocked by required conditions
Details
CI / build-nrf52 (push) Blocked by required conditions
Details
CI / build-rpi2040 (push) Blocked by required conditions
Details
CI / build-stm32 (push) Blocked by required conditions
Details
CI / build-debian-src (push) Waiting to run
Details
CI / package-pio-deps-native-tft (push) Waiting to run
Details
CI / test-native (push) Waiting to run
Details
CI / docker-debian-amd64 (push) Waiting to run
Details
CI / docker-alpine-amd64 (push) Waiting to run
Details
CI / docker-debian-arm64 (push) Waiting to run
Details
CI / docker-debian-armv7 (push) Waiting to run
Details
CI / after-checks (push) Blocked by required conditions
Details
CI / gather-artifacts (esp32) (push) Blocked by required conditions
Details
CI / gather-artifacts (esp32c3) (push) Blocked by required conditions
Details
CI / gather-artifacts (esp32c6) (push) Blocked by required conditions
Details
CI / gather-artifacts (esp32s3) (push) Blocked by required conditions
Details
CI / gather-artifacts (nrf52840) (push) Blocked by required conditions
Details
CI / gather-artifacts (rp2040) (push) Blocked by required conditions
Details
CI / gather-artifacts (stm32) (push) Blocked by required conditions
Details
CI / release-artifacts (push) Blocked by required conditions
Details
CI / release-firmware (esp32) (push) Blocked by required conditions
Details
CI / release-firmware (esp32c3) (push) Blocked by required conditions
Details
CI / release-firmware (esp32c6) (push) Blocked by required conditions
Details
CI / release-firmware (esp32s3) (push) Blocked by required conditions
Details
CI / release-firmware (nrf52840) (push) Blocked by required conditions
Details
CI / release-firmware (rp2040) (push) Blocked by required conditions
Details
CI / release-firmware (stm32) (push) Blocked by required conditions
Details
Daily Packaging / docker-multiarch (push) Has been cancelled
Details
Daily Packaging / package-ppa (jammy) (push) Has been cancelled
Details
Daily Packaging / package-ppa (noble) (push) Has been cancelled
Details
Daily Packaging / package-ppa (oracular) (push) Has been cancelled
Details
Daily Packaging / package-ppa (plucky) (push) Has been cancelled
Details
Daily Packaging / package-obs (push) Has been cancelled
Details
Daily Packaging / hook-copr (push) Has been cancelled
Details

Browse Source 
* Added bounds checking to memcpy and use memory-safe strlcpy for reading serial data in processWXSerial() function.

* Fixed linting with trunk
This commit is contained in:
raulperdomo 2025-03-20 11:40:13 -04:00 committed by GitHub
parent 46235f6f8b
commit 0d95b1afcc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 68 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
src/modules/SerialModule.cpp
View File

@ -468,81 +468,83 @@ void SerialModule::processWXSerial()
// Extract the current line // Extract the current line
char line[meshtastic_Constants_DATA_PAYLOAD_LEN]; char line[meshtastic_Constants_DATA_PAYLOAD_LEN];
memset(line, '\0', sizeof(line)); memset(line, '\0', sizeof(line));
memcpy(line, &serialBytes[lineStart], lineEnd - lineStart); if (lineEnd - lineStart < sizeof(line) - 1) {
if (strstr(line, "Wind") != NULL) // we have a wind line memcpy(line, &serialBytes[lineStart], lineEnd - lineStart);
{ if (strstr(line, "Wind") != NULL) // we have a wind line
gotwind = true; {
// Find the positions of "=" signs in the line gotwind = true;
char *windDirPos = strstr(line, "WindDir = "); // Find the positions of "=" signs in the line
char *windSpeedPos = strstr(line, "WindSpeed = "); char *windDirPos = strstr(line, "WindDir = ");
char *windGustPos = strstr(line, "WindGust = "); char *windSpeedPos = strstr(line, "WindSpeed = ");
char *windGustPos = strstr(line, "WindGust = ");
if (windDirPos != NULL) { if (windDirPos != NULL) {
// Extract data after "=" for WindDir // Extract data after "=" for WindDir
strcpy(windDir, windDirPos + 15); // Add 15 to skip "WindDir = " strlcpy(windDir, windDirPos + 15, sizeof(windDir)); // Add 15 to skip "WindDir = "
double radians = GeoCoord::toRadians(strtof(windDir, nullptr)); double radians = GeoCoord::toRadians(strtof(windDir, nullptr));
dir_sum_sin += sin(radians); dir_sum_sin += sin(radians);
dir_sum_cos += cos(radians); dir_sum_cos += cos(radians);
dirCount++; dirCount++;
} else if (windSpeedPos != NULL) { } else if (windSpeedPos != NULL) {
// Extract data after "=" for WindSpeed // Extract data after "=" for WindSpeed
strcpy(windVel, windSpeedPos + 15); // Add 15 to skip "WindSpeed = " strlcpy(windVel, windSpeedPos + 15, sizeof(windVel)); // Add 15 to skip "WindSpeed = "
float newv = strtof(windVel, nullptr); float newv = strtof(windVel, nullptr);
velSum += newv; velSum += newv;
velCount++; velCount++;
if (newv < lull || lull == -1) if (newv < lull || lull == -1)
lull = newv; lull = newv;
} else if (windGustPos != NULL) { } else if (windGustPos != NULL) {
strcpy(windGust, windGustPos + 15); // Add 15 to skip "WindSpeed = " strlcpy(windGust, windGustPos + 15, sizeof(windGust)); // Add 15 to skip "WindSpeed = "
float newg = strtof(windGust, nullptr); float newg = strtof(windGust, nullptr);
if (newg > gust) if (newg > gust)
gust = newg; gust = newg;
} }
// these are also voltage data we care about possibly // these are also voltage data we care about possibly
} else if (strstr(line, "BatVoltage") != NULL) { // we have a battVoltage line } else if (strstr(line, "BatVoltage") != NULL) { // we have a battVoltage line
char *batVoltagePos = strstr(line, "BatVoltage = "); char *batVoltagePos = strstr(line, "BatVoltage = ");
if (batVoltagePos != NULL) { if (batVoltagePos != NULL) {
strcpy(batVoltage, batVoltagePos + 17); // 18 for ws 80, 17 for ws85 strlcpy(batVoltage, batVoltagePos + 17, sizeof(batVoltage)); // 18 for ws 80, 17 for ws85
batVoltageF = strtof(batVoltage, nullptr); batVoltageF = strtof(batVoltage, nullptr);
break; // last possible data we want so break break; // last possible data we want so break
} }
} else if (strstr(line, "CapVoltage") != NULL) { // we have a cappVoltage line } else if (strstr(line, "CapVoltage") != NULL) { // we have a cappVoltage line
char *capVoltagePos = strstr(line, "CapVoltage = "); char *capVoltagePos = strstr(line, "CapVoltage = ");
if (capVoltagePos != NULL) { if (capVoltagePos != NULL) {
strcpy(capVoltage, capVoltagePos + 17); // 18 for ws 80, 17 for ws85 strlcpy(capVoltage, capVoltagePos + 17, sizeof(capVoltage)); // 18 for ws 80, 17 for ws85
capVoltageF = strtof(capVoltage, nullptr); capVoltageF = strtof(capVoltage, nullptr);
} }
// GXTS04Temp = 24.4 // GXTS04Temp = 24.4
} else if (strstr(line, "GXTS04Temp") != NULL) { // we have a temperature line } else if (strstr(line, "GXTS04Temp") != NULL) { // we have a temperature line
char *tempPos = strstr(line, "GXTS04Temp = "); char *tempPos = strstr(line, "GXTS04Temp = ");
if (tempPos != NULL) { if (tempPos != NULL) {
strcpy(temperature, tempPos + 15); // 15 spaces for ws85 strlcpy(temperature, tempPos + 15, sizeof(temperature)); // 15 spaces for ws85
temperatureF = strtof(temperature, nullptr); temperatureF = strtof(temperature, nullptr);
} }
} else if (strstr(line, "RainIntSum") != NULL) { // we have a rainsum line } else if (strstr(line, "RainIntSum") != NULL) { // we have a rainsum line
// LOG_INFO(line);
char *pos = strstr(line, "RainIntSum = ");
if (pos != NULL) {
strcpy(rainStr, pos + 17); // 17 spaces for ws85
rainSum = int(strtof(rainStr, nullptr));
}
} else if (strstr(line, "Rain") != NULL) { // we have a rain line
if (strstr(line, "WaveRain") == NULL) { // skip WaveRain lines though.
// LOG_INFO(line); // LOG_INFO(line);
char *pos = strstr(line, "Rain = "); char *pos = strstr(line, "RainIntSum = ");
if (pos != NULL) { if (pos != NULL) {
strcpy(rainStr, pos + 17); // 17 spaces for ws85 strlcpy(rainStr, pos + 17, sizeof(rainStr)); // 17 spaces for ws85
rain = strtof(rainStr, nullptr); rainSum = int(strtof(rainStr, nullptr));
}
} else if (strstr(line, "Rain") != NULL) { // we have a rain line
if (strstr(line, "WaveRain") == NULL) { // skip WaveRain lines though.
// LOG_INFO(line);
char *pos = strstr(line, "Rain = ");
if (pos != NULL) {
strlcpy(rainStr, pos + 17, sizeof(rainStr)); // 17 spaces for ws85
rain = strtof(rainStr, nullptr);
}
} }
} }
}
// Update lineStart for the next line // Update lineStart for the next line
lineStart = lineEnd + 1; lineStart = lineEnd + 1;
}
} }
} }
break; break;