cancel
Showing results for 
Search instead for 
Did you mean: 

Bug report with NFC03A1

samuel23
Associate III
Posted on February 23, 2017 at 11:49

We are using the NFC03A1 board with Nucleo F103RB.

In the function :

int8_t PCD_ProtocolSelect(const uint8_t Length,const uint8_t Protocol,const uint8_t *Parameters,uint8_t *pResponse)

There is a buffer DataToSend[SELECT_BUFFER_SIZE] where SELECT_BUFFER_SIZE  is 6.

Then we fit the buffer with datas depending on the Lenght argument... until '3 + Length - 1'

In the function : ISO14443A_ConfigFDTforAnticollision(), we can read :

if( IcVers >= QJE)

   NbParam = 6;

else

   NbParam = 4;

status = PCD_ProtocolSelect((NbParam+1),PCD_PROTOCOL_ISO14443A,ProtocolSelectParameters,pDataRead);

... and we got a buffer overflow!

We solved the problem with :

&sharpdefine SELECT_BUFFER_SIZE 10

#nfc03a1
1 ACCEPTED SOLUTION

Accepted Solutions
Rene Lenerve
ST Employee
Posted on May 02, 2017 at 14:02

Hi Samuel,

Thank you for your bug report, there is indeed a problem on the size of the buffer defined for QJE versions.

We will fix this in a future release.

Kind Regards.

View solution in original post

1 REPLY 1
Rene Lenerve
ST Employee
Posted on May 02, 2017 at 14:02

Hi Samuel,

Thank you for your bug report, there is indeed a problem on the size of the buffer defined for QJE versions.

We will fix this in a future release.

Kind Regards.