Message size checking in libfec RS decoder

This fixes a bug with the ESEO decoder. The RS decoder crashed giving std::bad_alloc when it was passed a very short message.
daniestevez · Jan 6, 2019 · 4f898c5 · 4f898c5
1 parent c6d1329
commit 4f898c5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/lib/decode_rs_general_impl.cc b/lib/decode_rs_general_impl.cc
@@ -94,7 +94,12 @@ namespace gr {
       int frame_len = pmt::length(msg);
       size_t offset(0);
 
-      assert(frame_len <= MAX_FRAME_LEN);
+      if (frame_len <= d_nroots || frame_len > MAX_FRAME_LEN) {
+      	if (d_verbose) {
+	  std::printf("Reed-Solomon decoder: invalid frame length %d\n", frame_len);
+	  return;
+	}
+      }
 
       memset(data, 0, sizeof(data));
       memcpy(data, pmt::uniform_vector_elements(msg, offset), frame_len);

diff --git a/lib/decode_rs_impl.cc b/lib/decode_rs_impl.cc
@@ -89,8 +89,13 @@ namespace gr {
       int frame_len = pmt::length(msg);
       size_t offset(0);
 
-      assert(frame_len <= MAX_FRAME_LEN);
-
+      if (frame_len <= 32 || frame_len > MAX_FRAME_LEN) {
+      	if (d_verbose) {
+	  std::printf("Reed-Solomon decoder: invalid frame length %d\n", frame_len);
+	  return;
+	}
+      }
+
       memcpy(data, pmt::uniform_vector_elements(msg, offset), frame_len);
 
       if (d_basis == BASIS_CONVENTIONAL) {