AIS: Validate message length. Fixes #2125

plugins/channelrx/demodais/aisdemod.cpp

@@ -211,18 +211,20 @@ bool AISDemod::handleMessage(const Message& cmd)
 
             // Decode the message
             ais = AISMessage::decode(report.getMessage());
-
-            m_logStream << report.getDateTime().date().toString() << ","
-                << report.getDateTime().time().toString() << ","
-                << report.getMessage().toHex() << ","
-                << QString("%1").arg(ais->m_mmsi, 9, 10, QChar('0')) << ","
-                << ais->getType() << ","
-                << "\"" << ais->toString() << "\"" << ","
-                << "\"" << ais->toNMEA() << "\"" << ","
-                << report.getSlot() << ","
-                << report.getSlots() << "\n";
-
-            delete ais;
+            if (ais)
+            {
+                m_logStream << report.getDateTime().date().toString() << ","
+                    << report.getDateTime().time().toString() << ","
+                    << report.getMessage().toHex() << ","
+                    << QString("%1").arg(ais->m_mmsi, 9, 10, QChar('0')) << ","
+                    << ais->getType() << ","
+                    << "\"" << ais->toString() << "\"" << ","
+                    << "\"" << ais->toNMEA() << "\"" << ","
+                    << report.getSlot() << ","
+                    << report.getSlots() << "\n";
+
+                delete ais;
+            }
         }
 
         return true;

plugins/channelrx/demodais/aisdemodgui.cpp

@@ -422,6 +422,9 @@ void AISDemodGUI::messageReceived(const QByteArray& message, const QDateTime& da
 
     // Decode the message
     ais = AISMessage::decode(message);
+    if (!ais) {
+        return;
+    }
 
     // Is scroll bar at bottom
     QScrollBar *sb = ui->messages->verticalScrollBar();

plugins/channelrx/demodais/readme.md

@@ -6,7 +6,7 @@ This plugin can be used to demodulate AIS (Automatic Identification System) mess
 
 AIS is broadcast globally on 25kHz channels at 161.975MHz and 162.025MHz, with other frequencies being used regionally or for special purposes. This demodulator is single channel, so if you wish to decode multiple channels simultaneously, you will need to add one AIS demodulator per frequency. As most AIS messages are on 161.975MHz and 162.025MHz, you can set the center frequency as 162MHz, with a sample rate of 100k+Sa/s, with one AIS demod with an input offset -25kHz and another at +25kHz.
 
-The AIS demodulators can send received messages to the [AIS feature](../../feature/ais/readme.md), which displays a table combining the latest data for vessels amalgamated from multiple demodulators and sends their positions to the [Map Feature](../../feature/map/readme.ais) for display in 2D or 3D.
+The AIS demodulators can send received messages to the [AIS feature](../../feature/ais/readme.md), which displays a table combining the latest data for vessels amalgamated from multiple demodulators and sends their positions to the [Map Feature](../../feature/map/readme.md) for display in 2D or 3D.
 
 AIS uses GMSK/FM modulation at a baud rate of 9,600, with a modulation index of 0.5. The demodulator works at a sample rate of 57,600Sa/s.
 

plugins/feature/ais/aisgui.cpp

@@ -152,7 +152,9 @@ bool AISGUI::handleMessage(const Message& message)
         // Decode the message
         AISMessage *ais = AISMessage::decode(report.getPacket());
         // Update table
-        updateVessels(ais, report.getDateTime());
+        if (ais) {
+            updateVessels(ais, report.getDateTime());
+        }
     }
 
     return false;

sdrbase/util/ais.cpp

@@ -179,6 +179,10 @@ QString AISMessage::typeToString(quint8 type)
 
 AISMessage* AISMessage::decode(const QByteArray ba)
 {
+    if (ba.size() < 1) {
+        return nullptr;
+    }
+
     int id = (ba[0] >> 2) & 0x3f;
 
     if ((id == 1) || (id == 2) || (id == 3)) {