authoriain <iain@linux.intel.com>2011-08-16 12:33:50 +0100
committeriain <iain@linux.intel.com>2011-08-16 12:33:50 +0100
commit517cf8448eddf98e0baf0177e8a5e5c7888366ab (patch)
tree99bd991d93f6d427a07aad6b0781a96643fb8e94
parentb6fdb840d4ae2406c8866c25182feea9e065a10e (diff)
Fix a memory corruption issue when parsing NMEA sentences
We assumed that if there was a \r in the buffer, then there must also be a \n. If the \r was the final character in the buffer, there would not be a \n, so adding 2 to the sentence length would cause an invalid read off the end of the buffer and, by making chars_in_buffer equal -1, an invalid write by underflowing the buffer, scribbling over the address of ctxt, which then caused a crash.
-rw-r--r--src/gypsy-nmea-parser.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/gypsy-nmea-parser.c b/src/gypsy-nmea-parser.c
index 561a5db..cab86ce 100644
--- a/src/gypsy-nmea-parser.c
+++ b/src/gypsy-nmea-parser.c
@@ -113,6 +113,13 @@ gypsy_nmea_parser_received_data (GypsyParser *parser,
int sentence_length;
/* Account for <LF> */
sentence_length = (eos - priv->sentence) + 2;
+
+ if (*(eos + 1) == '\n') {
+ sentence_length += 2;
+ } else {
+ sentence_length += 1;
+ }
+
if (sentence_length > 1) {
/* terminate the string at the <CR> */
*eos = '\0';
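Review bot: The unchanged context line `sentence_length = (eos - priv->sentence) + 2;` still adds 2 before the new branch adds another 2 or 1, so the length now overshoots the sentence by more than before. The base assignment should probably become `sentence_length = eos - priv->sentence;`, with the `/* Account for <LF> */` comment moved onto the branch that handles it. The new test `*(eos + 1) == '\n'` also reads the byte after the <CR> without checking that it lies inside the buffered data, which is exactly the case the commit message describes (<CR> as the final character). A bound such as `if (eos + 1 < priv->sentence + priv->chars_in_buffer && eos[1] == '\n')` would cover it, assuming chars_in_buffer is the count of valid bytes held on priv. The function body and the later uses of sentence_length are outside this hunk, so the effect on the buffer compaction needs to be confirmed there.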