mirror of https://github.com/iNavFlight/inav.git synced 2025-07-25 17:25:18 +03:00

MSP SET messages read ops protection: change dataSize == to dataSize <= for MSPv1 (compat)

Michel Pastor 2018-03-21 16:20:39 +01:00
parent 9bf11ec591
commit 5260f97e1e


@ -1388,7 +1388,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_SET_ARMING_CONFIG:
if (dataSize == 2) {
if (dataSize >= 2) {
armingConfigMutable()->auto_disarm_delay = constrain(sbufReadU8(src), AUTO_DISARM_DELAY_MIN, AUTO_DISARM_DELAY_MAX);
armingConfigMutable()->disarm_kill_switch = ~~sbufReadU8(src);
} else
@ -1407,7 +1407,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_PID:
if (dataSize == PID_ITEM_COUNT * 3) {
if (dataSize >= PID_ITEM_COUNT * 3) {
for (int i = 0; i < PID_ITEM_COUNT; i++) {
pidBankMutable()->pid[i].P = sbufReadU8(src);
pidBankMutable()->pid[i].I = sbufReadU8(src);
@ -1423,7 +1423,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
case MSP_SET_MODE_RANGE:
sbufReadU8Safe(&tmp_u8, src);
if ((dataSize == 5) && (tmp_u8 < MAX_MODE_ACTIVATION_CONDITION_COUNT)) {
if ((dataSize >= 5) && (tmp_u8 < MAX_MODE_ACTIVATION_CONDITION_COUNT)) {
modeActivationCondition_t *mac = modeActivationConditionsMutable(tmp_u8);
tmp_u8 = sbufReadU8(src);
const box_t *box = findBoxByPermanentId(tmp_u8);
@ -1444,7 +1444,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
case MSP_SET_ADJUSTMENT_RANGE:
sbufReadU8Safe(&tmp_u8, src);
if ((dataSize == 7) && (tmp_u8 < MAX_ADJUSTMENT_RANGE_COUNT)) {
if ((dataSize >= 7) && (tmp_u8 < MAX_ADJUSTMENT_RANGE_COUNT)) {
adjustmentRange_t *adjRange = adjustmentRangesMutable(tmp_u8);
tmp_u8 = sbufReadU8(src);
if (tmp_u8 < MAX_SIMULTANEOUS_ADJUSTMENT_COUNT) {
@ -1531,7 +1531,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_MISC:
if (dataSize == 22) {
if (dataSize >= 22) {
rxConfigMutable()->midrc = constrain(sbufReadU16(src), MIDRC_MIN, MIDRC_MAX);
motorConfigMutable()->minthrottle = constrain(sbufReadU16(src), PWM_RANGE_MIN, PWM_RANGE_MAX);
@ -1640,7 +1640,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_MOTOR:
if (dataSize == 8 * sizeof(uint16_t)) {
if (dataSize >= 8 * sizeof(uint16_t)) {
for (int i = 0; i < 8; i++) {
const int16_t disarmed = sbufReadU16(src);
if (i < MAX_SUPPORTED_MOTORS) {
@ -1675,7 +1675,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_SERVOS
case MSP_SET_SERVO_MIX_RULE:
sbufReadU8Safe(&tmp_u8, src);
if ((dataSize == 8) && (tmp_u8 < MAX_SERVO_RULES)) {
if ((dataSize >= 8) && (tmp_u8 < MAX_SERVO_RULES)) {
customServoMixersMutable(tmp_u8)->targetChannel = sbufReadU8(src);
customServoMixersMutable(tmp_u8)->inputSource = sbufReadU8(src);
customServoMixersMutable(tmp_u8)->rate = sbufReadU8(src);
@ -1700,7 +1700,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_3D:
if (dataSize == 6) {
if (dataSize >= 6) {
flight3DConfigMutable()->deadband3d_low = sbufReadU16(src);
flight3DConfigMutable()->deadband3d_high = sbufReadU16(src);
flight3DConfigMutable()->neutral3d = sbufReadU16(src);
@ -1709,7 +1709,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_RC_DEADBAND:
if (dataSize == 5) {
if (dataSize >= 5) {
rcControlsConfigMutable()->deadband = sbufReadU8(src);
rcControlsConfigMutable()->yaw_deadband = sbufReadU8(src);
rcControlsConfigMutable()->alt_hold_deadband = sbufReadU8(src);
@ -1719,14 +1719,11 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_RESET_CURR_PID:
if (dataSize == 0)
PG_RESET_CURRENT(pidProfile);
else
return MSP_RESULT_ERROR;
PG_RESET_CURRENT(pidProfile);
break;
case MSP_SET_SENSOR_ALIGNMENT:
if (dataSize == 3) {
if (dataSize >= 3) {
gyroConfigMutable()->gyro_align = sbufReadU8(src);
accelerometerConfigMutable()->acc_align = sbufReadU8(src);
#ifdef USE_MAG
@ -1739,7 +1736,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_ADVANCED_CONFIG:
if (dataSize == 9) {
if (dataSize >= 9) {
gyroConfigMutable()->gyroSyncDenominator = sbufReadU8(src);
sbufReadU8(src); // BF: masterConfig.pid_process_denom
sbufReadU8(src); // BF: motorConfig()->useUnsyncedPwm
@ -1756,7 +1753,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_FILTER_CONFIG :
if ((dataSize >= 5) && (dataSize <= 17)) {
if (dataSize >= 5) {
gyroConfigMutable()->gyro_soft_lpf_hz = sbufReadU8(src);
pidProfileMutable()->dterm_lpf_hz = constrain(sbufReadU16(src), 0, 255);
pidProfileMutable()->yaw_lpf_hz = constrain(sbufReadU16(src), 0, 255);
@ -1776,7 +1773,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
return MSP_RESULT_ERROR;
#endif
#ifdef USE_GYRO_NOTCH_2
if (dataSize == 17) {
if (dataSize >= 17) {
gyroConfigMutable()->gyro_soft_notch_hz_2 = constrain(sbufReadU16(src), 0, 500);
gyroConfigMutable()->gyro_soft_notch_cutoff_2 = constrain(sbufReadU16(src), 1, 500);
} else
@ -1787,7 +1784,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_PID_ADVANCED:
if (dataSize == 17) {
if (dataSize >= 17) {
pidProfileMutable()->rollPitchItermIgnoreRate = sbufReadU16(src);
pidProfileMutable()->yawItermIgnoreRate = sbufReadU16(src);
pidProfileMutable()->yaw_p_limit = sbufReadU16(src);
@ -1810,7 +1807,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_INAV_PID:
if (dataSize == 15) {
if (dataSize >= 15) {
#ifdef USE_ASYNC_GYRO_PROCESSING
systemConfigMutable()->asyncMode = sbufReadU8(src);
systemConfigMutable()->accTaskFrequency = sbufReadU16(src);
@ -1834,7 +1831,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_SENSOR_CONFIG:
if (dataSize == 6) {
if (dataSize >= 6) {
accelerometerConfigMutable()->acc_hardware = sbufReadU8(src);
#ifdef USE_BARO
barometerConfigMutable()->baro_hardware = sbufReadU8(src);
@ -1867,7 +1864,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_NAV
case MSP_SET_NAV_POSHOLD:
if (dataSize == 13) {
if (dataSize >= 13) {
navConfigMutable()->general.flags.user_control_mode = sbufReadU8(src);
navConfigMutable()->general.max_auto_speed = sbufReadU16(src);
navConfigMutable()->general.max_auto_climb_rate = sbufReadU16(src);
@ -1881,7 +1878,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_RTH_AND_LAND_CONFIG:
if (dataSize == 19) {
if (dataSize >= 19) {
navConfigMutable()->general.min_rth_distance = sbufReadU16(src);
navConfigMutable()->general.flags.rth_climb_first = sbufReadU8(src);
navConfigMutable()->general.flags.rth_climb_ignore_emerg = sbufReadU8(src);
@ -1899,7 +1896,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_FW_CONFIG:
if (dataSize == 12) {
if (dataSize >= 12) {
navConfigMutable()->fw.cruise_throttle = sbufReadU16(src);
navConfigMutable()->fw.min_throttle = sbufReadU16(src);
navConfigMutable()->fw.max_throttle = sbufReadU16(src);
@ -1914,7 +1911,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_SET_CALIBRATION_DATA:
if (dataSize == 18) {
if (dataSize >= 18) {
#ifdef USE_ACC
accelerometerConfigMutable()->accZero.raw[X] = sbufReadU16(src);
accelerometerConfigMutable()->accZero.raw[Y] = sbufReadU16(src);
@ -1946,7 +1943,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_NAV
case MSP_SET_POSITION_ESTIMATION_CONFIG:
if (dataSize == 12) {
if (dataSize >= 12) {
positionEstimationConfigMutable()->w_z_baro_p = constrainf(sbufReadU16(src) / 100.0f, 0.0f, 10.0f);
positionEstimationConfigMutable()->w_z_gps_p = constrainf(sbufReadU16(src) / 100.0f, 0.0f, 10.0f);
positionEstimationConfigMutable()->w_z_gps_v = constrainf(sbufReadU16(src) / 100.0f, 0.0f, 10.0f);
@ -1960,7 +1957,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_RESET_CONF:
if ((dataSize == 0) && (!ARMING_FLAG(ARMED))) {
if (!ARMING_FLAG(ARMED)) {
resetEEPROM();
readEEPROM();
} else
@ -1968,21 +1965,21 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_ACC_CALIBRATION:
if ((dataSize == 0) && (!ARMING_FLAG(ARMED))) {
if (!ARMING_FLAG(ARMED))
accSetCalibrationCycles(CALIBRATING_ACC_CYCLES);
} else
else
return MSP_RESULT_ERROR;
break;
case MSP_MAG_CALIBRATION:
if ((dataSize == 0) && (!ARMING_FLAG(ARMED))) {
if (!ARMING_FLAG(ARMED))
ENABLE_STATE(CALIBRATE_MAG);
} else
else
return MSP_RESULT_ERROR;
break;
case MSP_EEPROM_WRITE:
if ((dataSize == 0) && (!ARMING_FLAG(ARMED))) {
if (!ARMING_FLAG(ARMED)) {
writeEEPROM();
readEEPROM();
} else
@ -1992,7 +1989,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_BLACKBOX
case MSP_SET_BLACKBOX_CONFIG:
// Don't allow config to be updated while Blackbox is logging
if ((dataSize == 3) && blackboxMayEditConfig()) {
if ((dataSize >= 3) && blackboxMayEditConfig()) {
blackboxConfigMutable()->device = sbufReadU8(src);
blackboxConfigMutable()->rate_num = sbufReadU8(src);
blackboxConfigMutable()->rate_denom = sbufReadU8(src);
@ -2006,7 +2003,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
sbufReadU8Safe(&tmp_u8, src);
// set all the other settings
if ((int8_t)tmp_u8 == -1) {
if (dataSize == 10) {
if (dataSize >= 10) {
#ifdef USE_MAX7456
osdConfigMutable()->video_system = sbufReadU8(src);
#else
@ -2024,7 +2021,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
return MSP_RESULT_ERROR;
} else {
// set a position setting
if ((dataSize == 3) && (tmp_u8 < OSD_ITEM_COUNT)) // tmp_u8 == addr
if ((dataSize >= 3) && (tmp_u8 < OSD_ITEM_COUNT)) // tmp_u8 == addr
osdConfigMutable()->item_pos[tmp_u8] = sbufReadU16(src);
else
return MSP_RESULT_ERROR;
@ -2038,7 +2035,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
case MSP_OSD_CHAR_WRITE:
#ifdef USE_MAX7456
if (dataSize == 55) {
if (dataSize >= 55) {
uint8_t font_data[64];
const uint8_t addr = sbufReadU8(src);
for (int i = 0; i < 54; i++) {
@ -2054,7 +2051,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#if defined(VTX_COMMON)
case MSP_SET_VTX_CONFIG:
if (dataSize == 4) {
if (dataSize >= 4) {
tmp_u16 = sbufReadU16(src);
const uint8_t band = (tmp_u16 / 8) + 1;
const uint8_t channel = (tmp_u16 % 8) + 1;
@ -2087,16 +2084,13 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_FLASHFS
case MSP_DATAFLASH_ERASE:
if (dataSize == 0)
flashfsEraseCompletely();
else
return MSP_RESULT_ERROR;
flashfsEraseCompletely();
break;
#endif
#ifdef USE_GPS
case MSP_SET_RAW_GPS:
if (dataSize == 14) {
if (dataSize >= 14) {
if (sbufReadU8(src)) {
ENABLE_STATE(GPS_FIX);
} else {
@ -2125,7 +2119,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_NAV
case MSP_SET_WP:
if (dataSize == 21) {
if (dataSize >= 21) {
const uint8_t msp_wp_no = sbufReadU8(src); // get the waypoint number
navWaypoint_t msp_wp;
msp_wp.action = sbufReadU8(src); // action
@ -2143,7 +2137,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_SET_FEATURE:
if (dataSize == 4) {
if (dataSize >= 4) {
featureClearAll();
featureSet(sbufReadU32(src)); // features bitmap
rxUpdateRSSISource(); // For FEATURE_RSSI_ADC
@ -2152,7 +2146,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_BOARD_ALIGNMENT:
if (dataSize == 6) {
if (dataSize >= 6) {
boardAlignmentMutable()->rollDeciDegrees = sbufReadU16(src);
boardAlignmentMutable()->pitchDeciDegrees = sbufReadU16(src);
boardAlignmentMutable()->yawDeciDegrees = sbufReadU16(src);
@ -2161,7 +2155,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_VOLTAGE_METER_CONFIG:
if (dataSize == 4) {
if (dataSize >= 4) {
batteryConfigMutable()->voltage.scale = sbufReadU8(src) * 10;
batteryConfigMutable()->voltage.cellMin = sbufReadU8(src) * 10;
batteryConfigMutable()->voltage.cellMax = sbufReadU8(src) * 10;
@ -2171,7 +2165,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_CURRENT_METER_CONFIG:
if (dataSize == 7) {
if (dataSize >= 7) {
batteryConfigMutable()->current.scale = sbufReadU16(src);
batteryConfigMutable()->current.offset = sbufReadU16(src);
batteryConfigMutable()->current.type = sbufReadU8(src);
@ -2182,7 +2176,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifndef USE_QUAD_MIXER_ONLY
case MSP_SET_MIXER:
if (dataSize == 1) {
if (dataSize >= 1) {
mixerConfigMutable()->mixerMode = sbufReadU8(src);
mixerUpdateStateFlags(); // Required for correct preset functionality
} else
@ -2191,7 +2185,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_SET_RX_CONFIG:
if (dataSize == 24) {
if (dataSize >= 24) {
rxConfigMutable()->serialrx_provider = sbufReadU8(src);
rxConfigMutable()->maxcheck = sbufReadU16(src);
rxConfigMutable()->midrc = sbufReadU16(src);
@ -2212,7 +2206,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_FAILSAFE_CONFIG:
if (dataSize == 20) {
if (dataSize >= 20) {
failsafeConfigMutable()->failsafe_delay = sbufReadU8(src);
failsafeConfigMutable()->failsafe_off_delay = sbufReadU8(src);
failsafeConfigMutable()->failsafe_throttle = sbufReadU16(src);
@ -2232,14 +2226,14 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
case MSP_SET_RSSI_CONFIG:
sbufReadU8Safe(&tmp_u8, src);
if ((dataSize == 1) && (tmp_u8 <= MAX_SUPPORTED_RC_CHANNEL_COUNT))
if ((dataSize >= 1) && (tmp_u8 <= MAX_SUPPORTED_RC_CHANNEL_COUNT))
rxConfigMutable()->rssi_channel = tmp_u8;
else
return MSP_RESULT_ERROR;
break;
case MSP_SET_RX_MAP:
if (dataSize == MAX_MAPPABLE_RX_INPUTS) {
if (dataSize >= MAX_MAPPABLE_RX_INPUTS) {
for (int i = 0; i < MAX_MAPPABLE_RX_INPUTS; i++) {
rxConfigMutable()->rcmap[i] = sbufReadU8(src);
}
@ -2248,7 +2242,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_BF_CONFIG:
if (dataSize == 16) {
if (dataSize >= 16) {
#ifdef USE_QUAD_MIXER_ONLY
sbufReadU8(src); // mixerMode ignored
#else
@ -2301,7 +2295,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#ifdef USE_LED_STRIP
case MSP_SET_LED_COLORS:
if (dataSize == LED_CONFIGURABLE_COLOR_COUNT * 4) {
if (dataSize >= LED_CONFIGURABLE_COLOR_COUNT * 4) {
for (int i = 0; i < LED_CONFIGURABLE_COLOR_COUNT; i++) {
hsvColor_t *color = &ledStripConfigMutable()->colors[i];
color->h = sbufReadU16(src);
@ -2313,7 +2307,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_LED_STRIP_CONFIG:
if (dataSize == 5) {
if (dataSize >= 5) {
tmp_u8 = sbufReadU8(src);
if (tmp_u8 >= LED_MAX_STRIP_LENGTH || dataSize != (1 + 4)) {
return MSP_RESULT_ERROR;
@ -2326,7 +2320,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
break;
case MSP_SET_LED_STRIP_MODECOLOR:
if (dataSize == 3) {
if (dataSize >= 3) {
ledModeIndex_e modeIdx = sbufReadU8(src);
int funIdx = sbufReadU8(src);
int color = sbufReadU8(src);
@ -2353,7 +2347,7 @@ static mspResult_e mspFcProcessInCommand(uint16_t cmdMSP, sbuf_t *src)
#endif
case MSP_SET_RTC:
if (dataSize == 6) {
if (dataSize >= 6) {
// Use seconds and milliseconds to make senders
// easier to implement. Generating a 64 bit value
// might not be trivial in some platforms.
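Review bot: In the MSP_SET_LED_STRIP_CONFIG hunk the outer test is relaxed to `dataSize >= 5`, but the inner `dataSize != (1 + 4)` is left as it was, so any payload longer than 5 bytes still returns MSP_RESULT_ERROR and the relaxation has no effect for this command; the inner test should be reduced to `if (tmp_u8 >= LED_MAX_STRIP_LENGTH) {`. Separately, MSP_DATAFLASH_ERASE and MSP_SET_RESET_CURR_PID appear to lose their only guard (the hunk counts drop by three lines each), while MSP_RESET_CONF and MSP_EEPROM_WRITE keep only the `!ARMING_FLAG(ARMED)` test, so a frame of any length carrying one of these command ids now triggers the erase or reset. If that is intended for MSPv1 compatibility, a comment on each of those cases should say so, for example `// payload length intentionally ignored (MSPv1 compat); trailing bytes are discarded`. The commit subject says `<=` while every hunk uses `>=`, and the case bodies continue outside the hunks, so whether all later reads stay within the new lower bounds cannot be confirmed from here.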