The code doesn't handle zero-length SYSEX messages correctly. Sending the message `[START_SYSEX, END_SYSEX]`/`[0xf0, 0xf7]` causes `processSysexMessage` to be called (here) with `sysexBytesRead == 0`.
I think this causes two issues:
First, this will cause the previous SYSEX command to be executed, because `storedInputData[0]` is not valid: https://github.com/firmata/ConfigurableFirmata/blob/c759e5a0375bdbb89efb0c7efe640dccd3305f65/src/ConfigurableFirmata.cpp#L216
Second, an underflow occurs when computing `sysexBytesRead - 1`. If the previous SYSEX command was a `STRING_DATA` command then the code here ConfigurableFirmata.cpp:229 could overflow the `storedInputData` buffer (though only without `LARGE_MEM_DEVICE` defined, since the index is a byte).
In practice, I guess clients shouldn't generate these messages but I thought it was worth reporting.
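
A simplified model of the parser state described in this report, added here as an example and not taken from ConfigurableFirmata. It shows the stale `storedInputData[0]` and the byte-sized `sysexBytesRead - 1` wrap on an empty frame, next to an assumed guard that drops such frames. The `Parser` and `Result` types, `feed`, `feed_all`, the `guard_empty` flag and the buffer size of 64 are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>

#define START_SYSEX    0xF0
#define END_SYSEX      0xF7
#define STRING_DATA    0x71
#define MAX_DATA_BYTES 64   /* assumed buffer size for this model */

typedef struct {
    uint8_t storedInputData[MAX_DATA_BYTES];
    uint8_t sysexBytesRead;   /* byte-sized count, as on small-memory builds */
    int parsing;
} Parser;

/* What the parser would hand to the SYSEX dispatcher. */
typedef struct { int dispatched; uint8_t command; uint8_t argc; } Result;

/* Feed one byte. guard_empty != 0 enables the assumed fix. */
static Result feed(Parser *p, uint8_t b, int guard_empty) {
    Result r = {0, 0, 0};
    if (!p->parsing) {
        if (b == START_SYSEX) { p->parsing = 1; p->sysexBytesRead = 0; }
        return r;
    }
    if (b == END_SYSEX) {
        p->parsing = 0;
        if (guard_empty && p->sysexBytesRead == 0)
            return r;                               /* drop the empty frame */
        r.dispatched = 1;
        r.command = p->storedInputData[0];          /* stale if nothing was read */
        r.argc = (uint8_t)(p->sysexBytesRead - 1);  /* 0 - 1 wraps to 255 */
    } else if (p->sysexBytesRead < MAX_DATA_BYTES) {
        p->storedInputData[p->sysexBytesRead++] = b;
    }
    return r;
}

/* Feed a whole byte sequence and return the last dispatched message. */
static Result feed_all(Parser *p, const uint8_t *msg, size_t n, int guard_empty) {
    Result last = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        Result r = feed(p, msg[i], guard_empty);
        if (r.dispatched) last = r;
    }
    return last;
}
```

With the guard off, the empty frame is dispatched with the previous command byte and an argument count of 255, which is larger than the 64-byte buffer any handler would index.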