Fix buffer overflow (#266)

TMRh20 · web-flow · commit 6beee5234a2a · 2026-04-07T18:11:30.000-06:00
Confirmed the location of the frag_queue.message_buffer pointer should remain static, but is being moved  upon reception of non-fragmented payloads marked EXTERNAL_DATA_TYPE
diff --git a/RF24Network.cpp b/RF24Network.cpp
@@ -511,7 +511,7 @@ uint8_t ESBNetwork<radio_t>::enqueue(RF24NetworkHeader* header)
         if (header->type == EXTERNAL_DATA_TYPE)
     {
         memcpy((char*)(&frag_queue), &frame_buffer, 8);
-        frag_queue.message_buffer = frame_buffer + sizeof(RF24NetworkHeader);
+        memcpy(frag_queue.message_buffer, frame_buffer + sizeof(RF24NetworkHeader), message_size);
         frag_queue.message_size = message_size;
         return 2;
     }

Original file line number	Diff line number	Diff line change
`@@ -511,7 +511,7 @@ uint8_t ESBNetwork<radio_t>::enqueue(RF24NetworkHeader* header)`
`511`	`511`	`if (header->type == EXTERNAL_DATA_TYPE)`
`512`	`512`	`{`
`513`	`513`	`memcpy((char*)(&frag_queue), &frame_buffer, 8);`
`514`		`- frag_queue.message_buffer = frame_buffer + sizeof(RF24NetworkHeader);`
	`514`	`+ memcpy(frag_queue.message_buffer, frame_buffer + sizeof(RF24NetworkHeader), message_size);`
`515`	`515`	`frag_queue.message_size = message_size;`
`516`	`516`	`return 2;`
`517`	`517`	`}`