
STM-PLC bug4

SDawn.1
Associate II

URL:

https://www.st.com/content/st_com/en/products/embedded-software/mcu-mpu-embedded-software/stm32-embedded-software/stm32-ode-function-pack-sw/fp-ind-plcwifi1.html

Type: 

Buffer overflow

Description:

Inside the loop of the function Component_parser, the variable a is used as the index to access the global array comp_param, as shown in line 502 of Ladder_Lib.c. However, the function hasn’t checked the availability of the value of the index a, which may lead to a buffer overflow after four iterations.

103  uint16_t comp_param[4];
435  int8_t Component_parser(void)
436  {
     ...
439      uint8_t a=0;
     ...
446      do
447      {
         ...
502          comp_param[a++]=Component[component_index];
         ...
506      }while (Component[component_index]!='#');
     ...
512  }

Result: Memory corruption
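A bounds-checked form of the loop reported above, as an added example that is not part of the original post and not ST's code. It is a reduced model: `comp_param` and the `'#'` terminator come from the report, while the function name, the `len` parameter and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COMP_PARAM_MAX   4   /* matches uint16_t comp_param[4] on line 103 */
#define PARSE_OK         0
#define PARSE_OVERFLOW  (-1) /* more fields than comp_param can hold */
#define PARSE_TRUNCATED (-2) /* input ended before the '#' terminator */

static uint16_t comp_param[COMP_PARAM_MAX];

/* Hypothetical reduced model of the Component_parser loop: copy bytes from
 * `component` into comp_param until '#' is seen. Unlike line 502, the write
 * index is checked before every store, and the read index is bounded by
 * `len`, so a missing '#' cannot run the loop off the end of the input. */
int8_t component_parser_checked(const uint8_t *component, size_t len)
{
    size_t idx = 0;  /* read index (component_index in the report) */
    uint8_t a = 0;   /* write index into comp_param */

    while (idx < len) {
        if (component[idx] == '#')
            return PARSE_OK;
        if (a >= COMP_PARAM_MAX)
            return PARSE_OVERFLOW;   /* reject instead of writing comp_param[4] */
        comp_param[a++] = component[idx++];
    }
    return PARSE_TRUNCATED;
}

int main(void)
{
    /* Constructed inputs: four fields (fits), five fields (would overflow). */
    const uint8_t ok[]  = { 'A', 'B', 'C', 'D', '#' };
    const uint8_t bad[] = { 'A', 'B', 'C', 'D', 'E', '#' };

    printf("four fields: %d\n", component_parser_checked(ok, sizeof ok));
    printf("five fields: %d\n", component_parser_checked(bad, sizeof bad));
    return 0;
}
```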
