Skip to content
This repository has been archived by the owner on Apr 19, 2024. It is now read-only.

Commit

Permalink
SCD30: Fix buffer overflow in scd30_read_measurements
Browse files Browse the repository at this point in the history
* Fix a buffer overflow due to specifing the number of bytes instead
  of the number of words.
* Use renamed methods from embedded-common that reflect that a size in
  words is assumed.

Closes #32

Many thanks to @monkeytronics for finding and reporting the issue
  • Loading branch information
abrauchli committed Oct 31, 2019
1 parent ecd8946 commit 5a078eb
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

* [`fixed`] SCD30: Fix buffer overflow when reading measurements that was
introduced in 2.0.1.

## [2.0.1] - 2019-10-17

* [`fixed`] Copy correct `AUTHORS`, `CHANGELOG.md`, `LICENSE`, and
Expand Down
10 changes: 6 additions & 4 deletions scd30/scd30.c
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,9 @@ int16_t scd30_read_measurement(float32_t *co2_ppm, float32_t *temperature,
sensirion_i2c_write_cmd(SCD30_I2C_ADDRESS, SCD30_CMD_READ_MEASUREMENT);
if (ret != STATUS_OK)
return ret;
ret =
sensirion_i2c_read_bytes(SCD30_I2C_ADDRESS, data->bytes, sizeof(data));

ret = sensirion_i2c_read_words_as_bytes(SCD30_I2C_ADDRESS, data->bytes,
SENSIRION_NUM_WORDS(data));
if (ret != STATUS_OK)
return ret;

Expand Down Expand Up @@ -194,8 +195,9 @@ int16_t scd30_read_serial(char *serial) {
return ret;

sensirion_sleep_usec(SCD30_WRITE_DELAY_US);
ret = sensirion_i2c_read_bytes(SCD30_I2C_ADDRESS, (uint8_t *)serial,
SCD30_SERIAL_NUM_WORDS);
ret = sensirion_i2c_read_words_as_bytes(SCD30_I2C_ADDRESS,
(uint8_t *)serial,
SCD30_SERIAL_NUM_WORDS);
serial[2 * SCD30_SERIAL_NUM_WORDS] = '\0';
return ret;
}
Expand Down

0 comments on commit 5a078eb

Please sign in to comment.