
STM-PLC bug5

SDawn.1
Associate II

URL:

https://www.st.com/content/st_com/en/products/embedded-software/mcu-mpu-embedded-software/stm32-embedded-software/stm32-ode-function-pack-sw/fp-ind-plcwifi1.html

Type: 

Buffer overflow

Description:

The local variable a is initialized to zero as the index to access the global array comp_param. When no changes are made to the index a, accessing the array comp_param with index a-1 as shown in line 458 of Ladder_Lib.c will lead to a buffer overflow.

103   uint16_t comp_param[4];
435   int8_t Component_parser(void)
436   {
...
439       uint8_t a=0;
...
458       comp_param[a-1]=(comp_param[a-1]*(uint8_t)pow(10,1))+(Component[component_index]-0x30);
...
512   }

Result: Memory corruption.

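The index check that the write on line 458 lacks, shown as an added example that is not part of the original post and is not ST's code. The function name `parse_params_checked`, the constant `COMP_PARAM_COUNT` and the `"(n,n,...)"` input format are assumptions made for illustration, since the post elides the rest of `Component_parser`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COMP_PARAM_COUNT 4u              /* comp_param[4] in the report */
static uint16_t comp_param[COMP_PARAM_COUNT];

/* Assumed input format (constructed for this example): "(n,n,...)".
 * '(' or ',' opens the next slot and increments a; digits are appended
 * to the open slot through comp_param[a-1], as on line 458.
 * Returns the number of slots opened, or -1 when the input is rejected. */
int8_t parse_params_checked(const char *component)
{
    uint8_t a = 0;                       /* 0 = no slot opened yet */

    for (size_t i = 0; i < COMP_PARAM_COUNT; i++)
        comp_param[i] = 0;

    for (size_t i = 0; component[i] != '\0'; i++) {
        char c = component[i];

        if (c == '(' || c == ',') {
            if (a >= COMP_PARAM_COUNT)
                return -1;               /* a-1 would pass the last element */
            a++;
        } else if (c >= '0' && c <= '9') {
            if (a == 0)
                return -1;               /* a-1 would be -1: write before the array */
            /* integer arithmetic instead of (uint8_t)pow(10,1) */
            uint32_t v = (uint32_t)comp_param[a - 1] * 10u + (uint32_t)(c - '0');
            if (v > UINT16_MAX)
                return -1;               /* value does not fit in uint16_t */
            comp_param[a - 1] = (uint16_t)v;
        } else if (c == ')') {
            break;
        } else {
            return -1;                   /* unexpected character */
        }
    }
    return (int8_t)a;
}

int main(void)
{
    printf("%d\n", parse_params_checked("(10,250)"));  /* constructed input */
    printf("%d\n", parse_params_checked("7"));         /* digit with a == 0 */
    return 0;
}
```

Because `a` is a `uint8_t`, `a-1` is evaluated as an `int` and becomes -1 when `a` is 0, so the unchecked write lands in the two bytes immediately before `comp_param`.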