Bug report with NFC03A1

samuel23 · ‎2017-02-23

Posted on February 23, 2017 at 11:49

We are using the NFC03A1 board with Nucleo F103RB.

In the function :

int8_t PCD_ProtocolSelect(const uint8_t Length,const uint8_t Protocol,const uint8_t *Parameters,uint8_t *pResponse)

There is a buffer DataToSend[SELECT_BUFFER_SIZE] where SELECT_BUFFER_SIZE is 6.

Then we fit the buffer with datas depending on the Lenght argument... until '3 + Length - 1'

In the function : ISO14443A_ConfigFDTforAnticollision(), we can read :

if( IcVers >= QJE)

NbParam = 6;

else

NbParam = 4;

status = PCD_ProtocolSelect((NbParam+1),PCD_PROTOCOL_ISO14443A,ProtocolSelectParameters,pDataRead);

... and we got a buffer overflow!

We solved the problem with :

&sharpdefine SELECT_BUFFER_SIZE 10

#nfc03a1

Rene Lenerve · ‎2017-05-02

Posted on May 02, 2017 at 14:02

Hi Samuel,

Thank you for your bug report, there is indeed a problem on the size of the buffer defined for QJE versions.

We will fix this in a future release.

Kind Regards.

Rene Lenerve · ‎2017-05-02

Posted on May 02, 2017 at 14:02

Hi Samuel,

Thank you for your bug report, there is indeed a problem on the size of the buffer defined for QJE versions.

We will fix this in a future release.

Kind Regards.