From 2ee72c0556e4406a047df18167fec424bc2f8d99 Mon Sep 17 00:00:00 2001
From: Gwenhael Goavec-Merou
Date: Mon, 17 Mar 2025 07:19:19 +0100
Subject: [PATCH] mcsParser: _bit_length/buffer size / addr sanity check
---
 src/mcsParser.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/mcsParser.cpp b/src/mcsParser.cpp
index db4db44..1126abb 100644
--- a/src/mcsParser.cpp
+++ b/src/mcsParser.cpp
@@ -74,6 +74,9 @@ int McsParser::parse()
 case 0:
 loc_addr = _base_addr + addr;
 ptr = (char *)&str[DATA_BASE];
+ if ((loc_addr + byteLen) > _bit_data.size())
+ _bit_data.resize(loc_addr + byteLen);
+
 for (int i = 0; i < byteLen; i++, ptr += 2) {
 sscanf(ptr, "%2hx", &tmp);
 _bit_data[loc_addr + i] = (_reverseOrder)? reverseByte(tmp):tmp;
@@ -82,11 +85,17 @@ int McsParser::parse()
 _bit_length += (byteLen * 8);
 break;
 case 1:
+ if (_bit_data.size()*8 != _bit_length)
+ _bit_length = _bit_data.size() * 8;
 return EXIT_SUCCESS;
 break;
 case 4:
 sscanf((char*)&str[DATA_BASE], "%4x", &loc_addr);
 _base_addr = (loc_addr << 16);
+ if (_base_addr > _bit_data.size())
+ _bit_data.resize(_base_addr);
+ if (_base_addr * 8 > _bit_length)
+ _bit_length = _base_addr * 8;
 sum += (loc_addr & 0xff) + ((loc_addr >> 8) & 0xff);
 break;
 default:
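Review bot: The new bound `loc_addr + byteLen` in `case 0` is evaluated in the operands' own width, so it can wrap before it is compared with `_bit_data.size()`. The declarations are outside this hunk, but the `%4x` scan into `loc_addr` in `case 4` suggests a 32-bit unsigned; in that case a file-supplied base near the top of the range makes the sum wrap, the resize is skipped, and the loop still stores through `_bit_data[loc_addr + i]` beyond the buffer. Compute the end offset in a wider type and refuse anything above a limit before resizing, e.g. `const uint64_t end = static_cast<uint64_t>(loc_addr) + byteLen;` then `if (end > MAX_IMAGE_BYTES) return EXIT_FAILURE;`, where `MAX_IMAGE_BYTES` is a placeholder for a project-chosen cap and the error return should follow whatever convention parse() uses elsewhere. The unchecked `sscanf(ptr, "%2hx", &tmp)` on the context line also lets a short or non-hex record store a stale `tmp`; comparing its result with 1 would close that. parse() begins and ends outside the hunk.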
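Review bot: In `case 4`, `_bit_data.resize(_base_addr)` sizes the buffer straight from a 16-bit field of the input file shifted left by 16, so a single record can request close to 4 GiB, and nothing visible in this hunk bounds the value or handles a failed allocation. Reject the base before resizing, e.g. `if (_base_addr > MAX_IMAGE_BYTES) return EXIT_FAILURE;`, with `MAX_IMAGE_BYTES` a placeholder for a limit the project picks. The following `_base_addr * 8` has the same width problem as the bound in the first hunk: if `_base_addr` is 32-bit, the product wraps for bases of 512 MiB and above, so `_bit_length` disagrees with the buffer until the `case 1` fix-up runs, which an input without an end-of-file record never reaches. Doing that multiplication in a 64-bit type and checking that the result fits `_bit_length` would keep the two in step. The `sscanf` with `%4x` on the context line is unchecked as well, so a non-hex field leaves `loc_addr` at its earlier value.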