introduced bounds checking functions and macro

Author: joe-saronic

src/rcv/adnav.c

@@ -32,9 +32,19 @@
 //                      9 // Reserved
 #define ANPP_SYS_NAV   10 // NavIC
 
-/* packet 61 payload lengths */
-#define EPH_LEN_GPS     132                 /* GPS ephemeris */
-#define EPH_LEN_GLO      94                 /* GLONASS ephemeris */
+/* header size for all packets */
+#define HDR_LEN            5
+
+/* packet 20 payload length */
+#define SYSSTATE_LEN     100               /* system state */
+
+/* packet 21 payload length */
+#define UNIXTIME_LEN       8               /* unix time */
+
+/* packet 60 sub-record sizes */
+#define OBS_HDR_LEN       16               /* per-epoch header (time + counters) */
+#define SAT_HDR_LEN        6               /* per-satellite header */
+#define FREQ_BLK_LEN      26               /* per-frequency block size */
 
 /* tracking status bits (packet 60, per-frequency block, byte 1) */
 #define TRKS_CARRIER     0x01              /* carrier phase valid */
@@ -44,13 +54,49 @@
 #define TRKS_DOPPLER     0x10              /* Doppler valid */
 #define TRKS_SNR         0x20              /* SNR valid */
 
+/* packet 61 payload lengths */
+#define EPH_LEN_GPS       132              /* GPS ephemeris */
+#define EPH_LEN_GLO        94              /* GLONASS ephemeris */
+
 /* get fields (little-endian) ------------------------------------------------*/
-#define U1(p) (*((uint8_t *)(p)))
-#define I1(p) (*((int8_t  *)(p)))
-static uint16_t U2(uint8_t *p) {uint16_t u; memcpy(&u,p,2); return u;}
-static uint32_t U4(uint8_t *p) {uint32_t u; memcpy(&u,p,4); return u;}
-static float    R4(uint8_t *p) {float    r; memcpy(&r,p,4); return r;}
-static double   R8(uint8_t *p) {double   r; memcpy(&r,p,8); return r;}
+static uint8_t U1(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index);
+  return raw->buff[index];
+}
+static int8_t I1(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index);
+  return (int8_t)raw->buff[index];
+}
+static uint16_t U2(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 1);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 1);
+  uint16_t u;
+  memcpy(&u, raw->buff + index, 2);
+  return u;
+}
+static uint32_t U4(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 3);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 3);
+  uint32_t u;
+  memcpy(&u, raw->buff + index, 4);
+  return u;
+}
+static float R4(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 3);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 3);
+  float r;
+  memcpy(&r, raw->buff + index, 4);
+  return r;
+}
+static double R8(const raw_t *raw, size_t index) {
+  RTKBOUNDSCHECK(raw->buff, sizeof(raw->buff), index + 7);
+  RTKBOUNDSCHECK(raw->buff, raw->len, index + 7);
+  double r;
+  memcpy(&r, raw->buff + index, 8);
+  return r;
+}
 
 /* receiver state ------------------------------------------------------------*/
 typedef struct {
@@ -233,28 +279,24 @@ static int obuf_slot(raw_t *raw, gtime_t time, int sat)
 static int decode_systemstate(raw_t *raw)
 {
     anpp_t *anpp = raw->rcv_data;
-    uint8_t *p   = raw->buff + 5;
-
-    if (raw->len < 5 + 100) {
+    if (raw->len < HDR_LEN + SYSSTATE_LEN) {
         trace(2, "decode_systemstate: short packet len=%d\n", raw->len);
         return 0;
     }
-    anpp->time.time = (time_t)U4(p + 4);
-    anpp->time.sec  = U4(p + 8) * 1e-6;
+    anpp->time.time = (time_t)U4(raw, HDR_LEN + 4);
+    anpp->time.sec  = U4(raw, HDR_LEN + 8) * 1e-6;
     return 0;
 }
 
 static int decode_unixtime(raw_t *raw)
 {
     anpp_t *anpp = (anpp_t *)raw->rcv_data;
-    uint8_t *p   = raw->buff + 5;
-
-    if (raw->len < 5 + 8) {
+    if (raw->len < HDR_LEN + UNIXTIME_LEN) {
         trace(2, "decode_unixtime: short packet len=%d\n", raw->len);
         return 0;
     }
-    anpp->time.time = (time_t)U4(p);
-    anpp->time.sec  = U4(p + 4) * 1e-6;
+    anpp->time.time = (time_t)U4(raw, HDR_LEN);
+    anpp->time.sec  = U4(raw, HDR_LEN + 4) * 1e-6;
     return 0;
 }
 
@@ -264,20 +306,16 @@ static int decode_rawsatdata(raw_t *raw)
     int ret = 0;
 
     anpp_t  *anpp = (anpp_t *)raw->rcv_data;
-    uint8_t *p    = raw->buff + 5;
-    uint8_t *end  = raw->buff + raw->len;
-
-    if (raw->len < 5 + 16) {
+    if (raw->len < HDR_LEN + OBS_HDR_LEN) {
         trace(2, "decode_rawsatdata: short packet len=%d\n", raw->len);
         return 0;
     }
-
-    uint32_t unix_time       = U4(p);
-    uint32_t nanoseconds     = U4(p + 4);
-    uint8_t  receiver_number = U1(p + 12);
-    uint8_t  packet_number   = U1(p + 13);
-    uint8_t  total_packets   = U1(p + 14);
-    uint8_t  nsats           = U1(p + 15);
+    uint32_t unix_time       = U4(raw, HDR_LEN);
+    uint32_t nanoseconds     = U4(raw, HDR_LEN + 4);
+    uint8_t  receiver_number = U1(raw, HDR_LEN + 12);
+    uint8_t  packet_number   = U1(raw, HDR_LEN + 13);
+    uint8_t  total_packets   = U1(raw, HDR_LEN + 14);
+    uint8_t  nsats           = U1(raw, HDR_LEN + 15);
 
     /* select which receiver_number to emit: parse -RCVR<n> from raw->opt
        (default 0) */
@@ -308,44 +346,44 @@ static int decode_rawsatdata(raw_t *raw)
         anpp->epoch_active    = 1;
     }
 
-    p += 16;
+    size_t offset = HDR_LEN + OBS_HDR_LEN;
 
-    for (int i = 0; i < nsats && p + 6 <= end; i++) {
-        uint8_t sys_id  = U1(p);
+    for (int i = 0; i < nsats && offset + SAT_HDR_LEN <= raw->len; i++) {
+        uint8_t sys_id  = U1(raw, offset);
         int sys         = anpp2sys(sys_id);
-        int sat         = satno(sys, U1(p + 1));
-        uint8_t nfreqs  = U1(p + 5);
-        p      += 6;
+        int sat         = satno(sys, U1(raw, offset + 1));
+        uint8_t nfreqs  = U1(raw, offset + 5);
+        offset += SAT_HDR_LEN;
 
         if (sat == 0) {
-            p += nfreqs * 26;
+            offset += nfreqs * FREQ_BLK_LEN;
             continue;
         }
         int n = obuf_slot(raw, raw->time, sat);
         if (n < 0) {
-            p += nfreqs * 26;
+            offset += nfreqs * FREQ_BLK_LEN;
             continue;
         }
 
-        for (; nfreqs > 0 && p + 26 <= end; nfreqs--, p += 26) {
-            uint8_t freq_id = U1(p);
-            uint8_t trks    = U1(p + 1);
+        for (; nfreqs > 0 && offset + FREQ_BLK_LEN <= raw->len; nfreqs--, offset += FREQ_BLK_LEN) {
+            uint8_t freq_id = U1(raw, offset);
+            uint8_t trks    = U1(raw, offset + 1);
             uint8_t code    = anpp2code(sys_id, freq_id);
             if (code == CODE_NONE) continue;
             int idx = code2idx(sys, code);
             if (idx < 0 || idx >= NFREQ + NEXOBS) continue;
 
             if (trks & TRKS_CARRIER) {
-                raw->obuf.data[n].L[idx]    = R8(p + 2);
+                raw->obuf.data[n].L[idx]    = R8(raw, offset + 2);
                 raw->obuf.data[n].LLI[idx]  = (trks & TRKS_SLIP)      ? LLI_SLIP     : 0;
                 raw->obuf.data[n].LLI[idx] |= (trks & TRKS_HALFCYCLE) ? LLI_HALFC    : 0;
             }
             if (trks & TRKS_PSEUDORANGE)
-                raw->obuf.data[n].P[idx]   = R8(p + 10);
+                raw->obuf.data[n].P[idx]   = R8(raw, offset + 10);
             if (trks & TRKS_DOPPLER)
-                raw->obuf.data[n].D[idx]   = R4(p + 18);
+                raw->obuf.data[n].D[idx]   = R4(raw, offset + 18);
             if (trks & TRKS_SNR)
-                raw->obuf.data[n].SNR[idx] = R4(p + 22);
+                raw->obuf.data[n].SNR[idx] = R4(raw, offset + 22);
 
             raw->obuf.data[n].code[idx] = code;
         }
@@ -360,39 +398,39 @@ static int decode_rawsatdata(raw_t *raw)
 }
 
 /* packet 61: raw satellite ephemeris ----------------------------------------*/
-static int decode_gps_eph(raw_t *raw, int sat, uint8_t *e)
+static int decode_gps_eph(raw_t *raw, int sat, size_t e)
 {
     eph_t  eph = {0};
     double sqrtA;
 
     eph.sat    = sat;
-    eph.iodc   = (int)U2(e + 4);
-    eph.iode   = (int)U2(e + 6);
-    eph.week   = (int)U2(e + 116);
-    eph.toes   = (double)U4(e + 0);
+    eph.iodc   = (int)U2(raw, e + 4);
+    eph.iode   = (int)U2(raw, e + 6);
+    eph.week   = (int)U2(raw, e + 116);
+    eph.toes   = (double)U4(raw, e + 0);
     eph.toe    = gpst2time(eph.week, eph.toes);
     eph.toc    = eph.toe;
-    eph.ttr    = gpst2time(eph.week, (double)U4(e + 118));
-    eph.f0     = (double)R4(e + 8);
-    eph.f1     = (double)R4(e + 12);
-    eph.f2     = (double)R4(e + 16);
-    eph.crs    = (double)R4(e + 20);
-    eph.deln   = (double)R4(e + 24);
-    eph.M0     = R8(e + 28);
-    eph.cuc    = (double)R4(e + 36);
-    eph.e      = R8(e + 40);
-    eph.cus    = (double)R4(e + 48);
-    sqrtA      = R8(e + 52);
+    eph.ttr    = gpst2time(eph.week, (double)U4(raw, e + 118));
+    eph.f0     = (double)R4(raw, e + 8);
+    eph.f1     = (double)R4(raw, e + 12);
+    eph.f2     = (double)R4(raw, e + 16);
+    eph.crs    = (double)R4(raw, e + 20);
+    eph.deln   = (double)R4(raw, e + 24);
+    eph.M0     = R8(raw, e + 28);
+    eph.cuc    = (double)R4(raw, e + 36);
+    eph.e      = R8(raw, e + 40);
+    eph.cus    = (double)R4(raw, e + 48);
+    sqrtA      = R8(raw, e + 52);
     eph.A      = sqrtA * sqrtA;
-    eph.cic    = (double)R4(e + 60);
-    eph.OMG0   = R8(e + 64);
-    eph.cis    = (double)R4(e + 72);
-    eph.i0     = R8(e + 76);
-    eph.crc    = (double)R4(e + 84);
-    eph.omg    = R8(e + 88);
-    eph.OMGd   = R8(e + 96);
-    eph.idot   = R8(e + 104);
-    eph.tgd[0] = (double)R4(e + 112);
+    eph.cic    = (double)R4(raw, e + 60);
+    eph.OMG0   = R8(raw, e + 64);
+    eph.cis    = (double)R4(raw, e + 72);
+    eph.i0     = R8(raw, e + 76);
+    eph.crc    = (double)R4(raw, e + 84);
+    eph.omg    = R8(raw, e + 88);
+    eph.OMGd   = R8(raw, e + 96);
+    eph.idot   = R8(raw, e + 104);
+    eph.tgd[0] = (double)R4(raw, e + 112);
     eph.sva    = 0;
     eph.svh    = 0;
     eph.code   = 0;
@@ -409,27 +447,27 @@ static int decode_gps_eph(raw_t *raw, int sat, uint8_t *e)
     return 2;
 }
 
-static int decode_glo_eph(raw_t *raw, int prn, uint8_t *e)
+static int decode_glo_eph(raw_t *raw, int prn, size_t e)
 {
     geph_t  geph = {0};
     gtime_t utc;
 
     geph.sat    = satno(SYS_GLO, prn);
-    geph.frq    = (int)I1(e + 85);
-    geph.svh    = (int)U1(e + 86);
-    geph.age    = (int)U1(e + 84);
-    geph.taun   = (double)R4(e + 0);
-    geph.gamn   = (double)R4(e + 4);
-    geph.pos[0] = R8(e + 8);
-    geph.pos[1] = R8(e + 16);
-    geph.pos[2] = R8(e + 24);
-    geph.vel[0] = R8(e + 32);
-    geph.vel[1] = R8(e + 40);
-    geph.vel[2] = R8(e + 48);
-    geph.acc[0] = R8(e + 56);
-    geph.acc[1] = R8(e + 64);
-    geph.acc[2] = R8(e + 72);
-    utc.time    = (time_t)U4(e + 80);
+    geph.frq    = (int)I1(raw, e + 85);
+    geph.svh    = (int)U1(raw, e + 86);
+    geph.age    = (int)U1(raw, e + 84);
+    geph.taun   = (double)R4(raw, e + 0);
+    geph.gamn   = (double)R4(raw, e + 4);
+    geph.pos[0] = R8(raw, e + 8);
+    geph.pos[1] = R8(raw, e + 16);
+    geph.pos[2] = R8(raw, e + 24);
+    geph.vel[0] = R8(raw, e + 32);
+    geph.vel[1] = R8(raw, e + 40);
+    geph.vel[2] = R8(raw, e + 48);
+    geph.acc[0] = R8(raw, e + 56);
+    geph.acc[1] = R8(raw, e + 64);
+    geph.acc[2] = R8(raw, e + 72);
+    utc.time    = (time_t)U4(raw, e + 80);
     utc.sec     = 0.0;
     geph.toe    = utc2gpst(utc);
     geph.tof    = geph.toe;
@@ -445,27 +483,26 @@ static int decode_glo_eph(raw_t *raw, int prn, uint8_t *e)
 
 static int decode_rawsateph(raw_t *raw)
 {
-    uint8_t *p      = raw->buff + 5;
-    uint8_t  sys_id = U1(p + 4);
-    int      sys    = anpp2sys(sys_id);
-    int      prn    = (int)U1(p + 5);
-    int      sat    = satno(sys, prn);
+    uint8_t sys_id = U1(raw, HDR_LEN + 4);
+    int     sys    = anpp2sys(sys_id);
+    int     prn    = (int)U1(raw, HDR_LEN + 5);
+    int     sat    = satno(sys, prn);
 
     if (sat == 0) return 0;
 
     switch (sys) {
         case SYS_GPS:
-            if (raw->len < 5 + EPH_LEN_GPS) {
+            if (raw->len < HDR_LEN + EPH_LEN_GPS) {
                 trace(2, "decode_rawsateph GPS: short packet len=%d\n", raw->len);
                 return 0;
             }
-            return decode_gps_eph(raw, sat, p + 6);
+            return decode_gps_eph(raw, sat, HDR_LEN + 6);
         case SYS_GLO:
-            if (raw->len < 5 + EPH_LEN_GLO) {
+            if (raw->len < HDR_LEN + EPH_LEN_GLO) {
                 trace(2, "decode_rawsateph GLO: short packet len=%d\n", raw->len);
                 return 0;
             }
-            return decode_glo_eph(raw, prn, p + 6);
+            return decode_glo_eph(raw, prn, HDR_LEN + 6);
         default:
             trace(2, "decode_rawsateph: unsupported sys=%d\n", sys_id);
             return 0;
@@ -492,7 +529,7 @@ static int valid_hdr(const uint8_t *p)
 
 static int decode_anpp(raw_t *raw)
 {
-    int id = (int)U1(raw->buff + 1);
+    int id = (int)U1(raw, 1);
 
     trace(4, "decode_anpp: id=%d len=%d\n", id, raw->len);
 
@@ -510,22 +547,22 @@ extern int input_anpp(raw_t *raw, uint8_t data)
     if (raw->nbyte < MAXRAWLEN) raw->buff[raw->nbyte] = data;
     raw->nbyte++;
 
-    if (raw->nbyte < 5) return 0;
+    if (raw->nbyte < HDR_LEN) return 0;
 
-    if (raw->nbyte == 5) {
+    if (raw->nbyte == HDR_LEN) {
         if (!valid_hdr(raw->buff)) {
-            memmove(raw->buff, raw->buff + 1, 4);
-            raw->nbyte = 4;
+            memmove(raw->buff, raw->buff + 1, HDR_LEN - 1);
+            raw->nbyte = HDR_LEN - 1;
             return 0;
         }
-        raw->len = 5 + (int)raw->buff[2];
+        raw->len = HDR_LEN + (int)raw->buff[2];
     }
 
     if (raw->nbyte < raw->len) return 0;
 
     raw->nbyte = 0;
 
-    if (crc_ccitt(raw->buff + 5, raw->len - 5) != U2(raw->buff + 3)) {
+    if (crc_ccitt(raw->buff + HDR_LEN, raw->len - HDR_LEN) != U2(raw, 3)) {
         trace(2, "input_anpp: CRC error id=%d\n", (int)raw->buff[1]);
         return 0;
     }