Closed shijiameng closed 11 months ago
ST Internal Reference: 158546
Hi @shijiameng,
Thank you for this report too.
With regards,
Hi @shijiameng,
The issue you reported has been fixed internally and should be available in the frame of a future release, but not in this repository, rather on st.com.
Indeed, as you can read on the README.md file, starting from version 1.11.1, some projects have been removed from this repository, among which the one you are mentioning in your comment.
More details about this move can be found here.
As there is no fix to publish on this repository consequently to this fix, please allow me to close this issue. Thank you for your comprehension.
With regards,
Bug Description
SPI_WIFI_ResetModule
, it invokesHAL_SPI_Receive()
to receive data from SPI interface and places the received data to arrayprompt
at the index specified bycount
, then it addscount
with 2. Bound check on arrayprompt
is missing, which may cause stack buffer overflow and corrupttickstart
ifcount
exceeds the length ofprompt
.Patch Suggestion
Add bound check before invoking
HAL_SPI_Receive()
.