
Commit b99ae79

committed
Bounds checking on g_pin_cfg array
As I mentioned in the forum thread: https://forum.arduino.cc/t/apis-like-digitalwrite-who-use-g-pinc-cfg-should-do-bounds-checking/1156322 I believe that many of the simple functions should have some form of parameter testing. For example, pinMode(100, OUTPUT); should fail instead of trying to use random garbage off the end of the array to pass down to the next level. As @per1234 mentioned on the forum thread, this has bounced around for years: arduino/ArduinoCore-avr#302 So I decided to at least try to do it for a few of the APIs that have this issue. Most of the other references to this array appear either to check or to be driven by pin information defined in the variant.
1 parent 1c9b086 commit b99ae79

2 files changed

+4
-0
lines changed


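--- a/cores/arduino/analog.cpp
+++ b/cores/arduino/analog.cpp
@@ -799,6 +799,7 @@ void analogWrite(pin_size_t pinNumber, int value)
 
 if(ptr != nullptr) {
 //check the pinmux in case it's been modified by a call to pinMode()
+if (pinNumber >= (g_pin_cfg_size / sizeof(g_pin_cfg[0]))) return; /* pinNumber > sizeof of pin table */
 bool has_peripheral_mux = R_PFS->PORT[g_pin_cfg[pinNumber].pin >> IOPORT_PRV_PORT_OFFSET].PIN[g_pin_cfg[pinNumber].pin & BSP_IO_PRV_8BIT_MASK].PmnPFS & IOPORT_CFG_PERIPHERAL_PIN;
 if (!has_peripheral_mux) {
 ptr->end();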
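Review bot: The new guard in analogWrite sits inside the `if(ptr != nullptr)` branch, so it protects only the `g_pin_cfg[pinNumber]` read on the following line; any use of pinNumber earlier in the function or in the other branch lies outside the hunk and, if it indexes the table, stays unchecked. Moving the same line to the top of analogWrite would cover every path with one test. The trailing comment is also inaccurate, since the test is `>=` against the entry count rather than `>` against a size; I would write `/* pinNumber is past the last g_pin_cfg entry */`, and the same wording applies to the three guards added in cores/arduino/digital.cpp. The body of analogWrite starts and ends outside the hunk.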

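--- a/cores/arduino/digital.cpp
+++ b/cores/arduino/digital.cpp
@@ -1,6 +1,7 @@
 #include "Arduino.h"
 
 void pinMode(pin_size_t pin, const PinMode mode) {
+if (pin >= (g_pin_cfg_size / sizeof(g_pin_cfg[0]))) return; /* pinNumber > sizeof of pin table */
 switch (mode) {
 case INPUT:
 case INPUT_PULLDOWN: // TODO: document the INPUT_PULLDOWN is unavailable
@@ -19,10 +20,12 @@ void pinMode(pin_size_t pin, const PinMode mode) {
 }
 
 void digitalWrite(pin_size_t pin, PinStatus val) {
+if (pin >= (g_pin_cfg_size / sizeof(g_pin_cfg[0]))) return; /* pinNumber > sizeof of pin table */
 R_IOPORT_PinWrite(NULL, g_pin_cfg[pin].pin, val == LOW ? BSP_IO_LEVEL_LOW : BSP_IO_LEVEL_HIGH);
 }
 
 PinStatus digitalRead(pin_size_t pin) {
+if (pin >= (g_pin_cfg_size / sizeof(g_pin_cfg[0]))) return LOW; /* pinNumber > sizeof of pin table */
 bsp_io_level_t ret;
 R_IOPORT_PinRead(NULL, g_pin_cfg[pin].pin, &ret);
 return (ret == BSP_IO_LEVEL_LOW ? LOW : HIGH);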
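Review bot: digitalRead now returns `LOW` for an out-of-range pin, which a caller cannot tell apart from a genuine low level, while pinMode and digitalWrite return without any signal; that contract should at least be documented at each guard, e.g. `// out-of-range pin: no hardware access, reads as LOW`. The bound `g_pin_cfg_size / sizeof(g_pin_cfg[0])` is written out three times in this file and once more in cores/arduino/analog.cpp, and it is only correct if g_pin_cfg_size is a byte count, which these hunks do not show. A single shared inline helper for the range test would keep the four copies from drifting apart if the table or its size variable changes. The closing brace of digitalRead is outside the hunk.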
