This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
commit a0ba149932e91496327d28d5bbcfaac7750f0359
Author: Magdalena Kasenberg <magdalena.kasenb...@codecoup.pl>
AuthorDate: Tue Feb 23 20:11:46 2021 +0100
sensors/bmp388: Fix untrusted loop bound
Coverity issue 204145
---
hw/drivers/sensors/bmp388/src/bmp388.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/hw/drivers/sensors/bmp388/src/bmp388.c
b/hw/drivers/sensors/bmp388/src/bmp388.c
index 75f062f..0c48c61 100644
--- a/hw/drivers/sensors/bmp388/src/bmp388.c
+++ b/hw/drivers/sensors/bmp388/src/bmp388.c
@@ -2448,9 +2448,14 @@ bmp3_get_fifo_data(const struct bmp3_dev *dev)
BMP388_LOG_ERROR("*****fifo_len added timefifo length is %d\n",
fifo_len);
#endif
}
- /* Update the fifo length in the fifo structure */
- dev->fifo->data.byte_count = fifo_len;
+
+ if (fifo_len > sizeof(fifo->data.buffer)) {
+ rslt = BMP3_E_INVALID_LEN;
+ }
+
if (rslt == BMP3_OK) {
+ /* Update the fifo length in the fifo structure */
+ dev->fifo->data.byte_count = fifo_len;
/* Read the fifo data */
rslt = bmp3_get_regs(BMP3_FIFO_DATA_ADDR, fifo->data.buffer,
fifo_len, dev);
}
