URL:
https://www.st.com/content/st_com/en/products/embedded-software/mcu-mpu-embedded-software/stm32-embedded-software/stm32-ode-function-pack-sw/fp-ind-plcwifi1.html
Type:
Buffer overflow
Description:
Within the while loop as shown in line 536 of Ladder_Lib.c, the variable res_index will increase iteratively. However, no check on the availability of the index res_index when accessing the array element_buffer as shown in line 761 of Ladder_Lib.c will lead to a buffer overflow.
522
uint8_t Evalute_Expression(uint8_t output_index)
523
{
...
536
while((argument=output[output_index].Expression[index++])!=0)
537
{
...
761
element_buffer[res_index++] = Get_Input(Input_CHS,(argument&0x0F));
...
764
}
...
780
}
Result:Memory corruption
