panda.cc: fix possible heap overflow on wrong checksum (#27151)

* panda.cc: fix possible heap overflow on wrong checksum * off by one old-commit-hash: f17bca00ba
2026-06-25 20:42:10 +08:00 · 2023-01-31 17:17:21 +01:00
parent 2e954e7473
commit 1ff9f69a57
1 changed files with 4 additions and 0 deletions
@@ -236,6 +236,9 @@ void Panda::can_send(capnp::List<cereal::CanData>::Reader can_data_list) {
 }

 bool Panda::can_receive(std::vector<can_frame>& out_vec) {
+  // Check if enough space left in buffer to store RECV_SIZE data
+  assert(receive_buffer_size + RECV_SIZE <= sizeof(receive_buffer));
+
  int recv = handle->bulk_read(0x81, &receive_buffer[receive_buffer_size], RECV_SIZE);
  if (!comms_healthy()) {
    return false;
@@ -278,6 +281,7 @@ bool Panda::unpack_can_buffer(uint8_t *data, uint32_t &size, std::vector<can_fra

    if (calculate_checksum(&data[pos], sizeof(can_header) + data_len) != 0) {
      LOGE("Panda CAN checksum failed");
+      size = 0;
      return false;
    }