AP_AIS: fix multi part message decoding #29195

Merged
merged 1 commit into from
Feb 3, 2025
14 changes: 9 additions & 5 deletions libraries/AP_AIS/AP_AIS.cpp
Expand Up @@ -146,21 +146,25 @@ void AP_AIS::update()
} else if (_incoming.num == _incoming.total) {
// last part of a multi part message
uint8_t index = 0;
uint8_t msg_parts[_incoming.num - 1];

// We have the last part, need to find preceding fragments
const uint8_t parts = _incoming.num - 1;
Contributor

There appears to be an integer underflow problem here; _incoming.num is coming off the wire, and nothing is checking if it is zero or not.

This is pre-existing.


uint8_t msg_parts[parts];
for (uint8_t i = 0; i < AIVDM_BUFFER_SIZE; i++) {
// look for the rest of the message from the start of the buffer
// we assume the message has be received in the correct order
if (_AIVDM_buffer[i].num == (index + 1) && _AIVDM_buffer[i].total == _incoming.total && _AIVDM_buffer[i].ID == _incoming.ID) {
msg_parts[index] = i;
index++;
if (index >= _incoming.num) {
if (index >= parts) {
break;
}
}
}

// did we find the right number?
if (_incoming.num != index) {
if (parts != index) {
// could not find all of the message, save messages
#if HAL_LOGGING_ENABLED
if (log_unsupported) {
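Review bot: `msg_parts[parts]` is a variable-length array whose size comes from `_incoming.num`, and in the search loop `msg_parts[index] = i` is written before the `index >= parts` test. If `_incoming.num` is 1 then `parts` is 0 and the first matching fragment is stored into a zero-length array; if it is 0 then `_incoming.num - 1` converts to 255 in the `uint8_t`. Nothing in the visible lines rules either value out, so consider rejecting the sentence when `_incoming.num < 2` before `parts` is computed, and sizing the array with the compile-time bound instead (`uint8_t msg_parts[AIVDM_BUFFER_SIZE];`), since the loop can never record more indices than the buffer has slots. A short comment stating that `parts` is the number of preceding fragments expected would also make the later `parts != index` check easier to read.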
Expand All @@ -180,14 +184,14 @@ void AP_AIS::update()
// combine packets
ExpandingString s;
s.append(_AIVDM_buffer[msg_parts[0]].payload, strlen(_AIVDM_buffer[msg_parts[0]].payload));
for (uint8_t i = 1; i < _incoming.total - 1; i++) {
for (uint8_t i = 1; i < index; i++) {
s.append(_AIVDM_buffer[msg_parts[i]].payload, strlen(_AIVDM_buffer[msg_parts[i]].payload));
}
s.append(_incoming.payload, strlen(_incoming.payload));
#if HAL_LOGGING_ENABLED
const bool decoded = payload_decode(s.get_string());
#endif
for (uint8_t i = 0; i < _incoming.total; i++) {
for (uint8_t i = 0; i < index; i++) {
#if HAL_LOGGING_ENABLED
// unsupported type, log and discard
if (!decoded && log_unsupported) {
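Review bot: the first `s.append(_AIVDM_buffer[msg_parts[0]].payload, ...)` reads `msg_parts[0]` unconditionally, outside the loops that are now bounded by `index`. If this code is reached with `index == 0`, that slot was never written and the value used to index `_AIVDM_buffer` is indeterminate. Either guard the combine step on `index > 0` or make sure the earlier check rejects that case before this point. Both new loop bounds also rely on `index` equalling `parts` from the check above; a one-line comment saying so would help, because `index` is a search counter and not obviously a fragment count to a later reader.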