author | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-08-26 13:50:19 +0200 |
---|---|---|
committer | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-08-28 11:29:52 +0200 |
commit | 827ad07634291c17eac9741140ffc48dd5db79b4 (patch) | |
tree | b8dd1604ae89925b4448b89841d1a0a5db8cea63 | |
parent | a30020fd2cbd63642d26e822b50ec5c072e8deaf (diff) |
Fix crash with index out of bounds
Change-Id: Ibd7c4b6eef6ca08ad5ad51aa9a16aa6bf4a85288
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
-rw-r--r-- | src/knx/core/qknxbytearray.cpp | 3 | ||||
-rw-r--r-- | src/knx/core/qknxbytearray.h | 5 | ||||
-rw-r--r-- | src/knx/qknxdevicemanagementframe.cpp | 13 |
3 files changed, 15 insertions, 6 deletions
diff --git a/src/knx/core/qknxbytearray.cpp b/src/knx/core/qknxbytearray.cpp
index 6a573d6..53ed547 100644
--- a/src/knx/core/qknxbytearray.cpp
+++ b/src/knx/core/qknxbytearray.cpp
@@ -243,6 +243,9 @@ void QKnxByteArray::clear()
 */
 void QKnxByteArray::resize(int size)
 {
+ if (size == m_bytes.size())
+ return;
+
+ if (size > m_bytes.size())
 m_bytes.append(size - m_bytes.size(), 0x00);
 else
diff --git a/src/knx/core/qknxbytearray.h b/src/knx/core/qknxbytearray.h
index 4f1fdb1..efc1a02 100644
--- a/src/knx/core/qknxbytearray.h
+++ b/src/knx/core/qknxbytearray.h
@@ -92,7 +92,10 @@ public:
 void resize(int size);
 inline quint8 at(int i) const { return m_bytes.at(i); }
- inline void set(int i, quint8 value) { m_bytes[i] = value; }
+ inline void set(int i, quint8 value) {
+ Q_ASSERT(i >= 0 && i < size());
+ m_bytes[i] = value;
+ }
 inline void setValue(int i, quint8 value)
 {
diff --git a/src/knx/qknxdevicemanagementframe.cpp b/src/knx/qknxdevicemanagementframe.cpp
index 562dd00..c36c5ca 100644
--- a/src/knx/qknxdevicemanagementframe.cpp
+++ b/src/knx/qknxdevicemanagementframe.cpp
@@ -339,6 +339,7 @@ void QKnxDeviceManagementFrame::setObjectInstance(quint8 instance)
 {
 if (instance < 1)
 return;
+ d_ptr->m_serviceInformation.resize(3);
 d_ptr->m_serviceInformation.set(2, instance);
 }
@@ -359,8 +360,10 @@ QKnxInterfaceObjectProperty QKnxDeviceManagementFrame::property() const
 */
 void QKnxDeviceManagementFrame::setProperty(QKnxInterfaceObjectProperty pid)
 {
- if (QKnxInterfaceObjectProperty::isProperty(pid))
+ if (QKnxInterfaceObjectProperty::isProperty(pid)) {
+ d_ptr->m_serviceInformation.resize(4);
 d_ptr->m_serviceInformation.set(3, quint8(pid));
+ }
 }
 /*!
@@ -384,6 +387,8 @@ void QKnxDeviceManagementFrame::setNumberOfElements(quint8 numOfElements)
 {
 if (numOfElements > 0x0f)
 return;
+
+ d_ptr->m_serviceInformation.resize(5);
 d_ptr->m_serviceInformation.set(4, (d_ptr->m_serviceInformation.value(4) & 0x0f) | (numOfElements << 4));
 }
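Review bot: The `Q_ASSERT(i >= 0 && i < size())` added to `QKnxByteArray::set()` is compiled out when `QT_NO_DEBUG` is defined, so in release builds an out-of-range `i` still reaches `m_bytes[i] = value` with no check in this function. The index-out-of-bounds crash this commit fixes was reachable through the frame setters, so a runtime guard would protect every build type: `if (i < 0 || i >= size()) return;` ahead of the assignment, keeping the assert for debug diagnostics. If the unchecked write is deliberate, state the precondition next to the function, e.g. `// Precondition: 0 <= i < size(); only asserted in debug builds.`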
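Review bot: The unconditional `resize(3)` in `setObjectInstance()` would shrink `m_serviceInformation` whenever it already holds more than three bytes, assuming the `else` branch of `QKnxByteArray::resize()` (cut off in the qknxbytearray.cpp hunk) truncates. Calling the setter on an already populated frame would then drop the property id, element count and every later byte. The same applies to `resize(4)` in `setProperty()`, `resize(5)` in `setNumberOfElements()`, and to `setError()` and `setReturnCode()`, where this commit removes the existing grow-only guard. A grow-only form keeps the out-of-bounds fix without the data loss: `if (d_ptr->m_serviceInformation.size() < 3) d_ptr->m_serviceInformation.resize(3);`. If truncation is intended in any of these setters, a comment there should say so.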
@@ -475,8 +480,7 @@ void QKnxDeviceManagementFrame::setError(QKnxNetIpCemiServer::Error error)
 switch (messageCode()) {
 case MessageCode::PropertyReadConfirmation:
 case MessageCode::PropertyWriteConfirmation: {
- if (d_ptr->m_serviceInformation.size() < 7)
- d_ptr->m_serviceInformation.resize(7);
+ d_ptr->m_serviceInformation.resize(7);
 d_ptr->m_serviceInformation.set(6, quint8(error));
 }
 default:
@@ -523,8 +527,7 @@ void QKnxDeviceManagementFrame::setReturnCode(QKnxNetIpCemiServer::ReturnCode co
 return;
 }
- if (d_ptr->m_serviceInformation.size() < 6)
- d_ptr->m_serviceInformation.resize(6);
+ d_ptr->m_serviceInformation.resize(6);
 d_ptr->m_serviceInformation.set(5, quint8(code));
 }
|
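Review bot: In `setError()`, the `case MessageCode::PropertyWriteConfirmation: { … }` block runs straight into `default:` with no `break` and no fall-through annotation. If the fall-through is intended, mark it with `Q_FALLTHROUGH();` after the closing brace; otherwise add `break;` after `d_ptr->m_serviceInformation.set(6, quint8(error));`. The body of `default:` lies outside the hunk, so whether the fall-through changes behaviour cannot be judged from here.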