From 57b7f6517edde2462f79a59d4eeaff29f8215088 Mon Sep 17 00:00:00 2001 From: leha-bot Date: Sat, 11 May 2024 21:58:50 +0300 Subject: [PATCH 1/2] fix: avoid dangling pointers to local storage --- helpers/flipchess_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers/flipchess_file.c b/helpers/flipchess_file.c index 0a3cf5a4f55..a051f9b645a 100644 --- a/helpers/flipchess_file.c +++ b/helpers/flipchess_file.c @@ -16,10 +16,10 @@ bool flipchess_has_file(const FlipChessFile file_type, const char* file_name, const bool remove) { bool ret = false; const char* path; + char path_buf[FILE_MAX_PATH_LEN] = {0}; if(file_type == FlipChessFileBoard) { path = FLIPCHESS_BOARD_PATH; } else { - char path_buf[FILE_MAX_PATH_LEN] = {0}; strcpy(path_buf, FLIPCHESS_APP_BASE_FOLDER); // 22 strcpy(path_buf + strlen(path_buf), "/"); strcpy(path_buf + strlen(path_buf), file_name); From 66995c1bc1645bbf96241b5be5412d37052f5273 Mon Sep 17 00:00:00 2001 From: leha-bot Date: Sat, 11 May 2024 21:52:18 +0300 Subject: [PATCH 2/2] fix: avoid buffer overflow in sam engine if index == 255 It may be 255, according to the if above the patch, but flags has 81 items. --- sam/stm32_sam.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sam/stm32_sam.cpp b/sam/stm32_sam.cpp index 41053a5eeb1..041a07a68a1 100644 --- a/sam/stm32_sam.cpp +++ b/sam/stm32_sam.cpp @@ -4510,7 +4510,7 @@ void STM32SAM::AdjustLengths() { mem56 = flags[index]; // not a consonant - if((flags[index] & 64) == 0) { + if((index != 255 && flags[index] & 64) == 0) { // RX or LX? if((index == 18) || (index == 19)) // 'RX' & 'LX' { @@ -5700,4 +5700,4 @@ inline void STM32SAM::SetAUDIO(unsigned char main_volume) { } LL_TIM_OC_SetCompareCH1(FURI_HAL_SPEAKER_TIMER, data); -} \ No newline at end of file +}