Merge pull request #566 from LedgerHQ/cev/fix-amountToString

Fix potential oob writes
2024-04-12 10:33:47 +02:00
parent a27c9848c8 5b905fe47f
commit c6a909ab38
1 changed files with 4 additions and 1 deletions
--- a/src_common/common_utils.c
+++ b/src_common/common_utils.c
@@ -199,8 +199,11 @@ bool amountToString(const uint8_t *amount,
    uint8_t amount_len = strnlen(tmp_buffer, sizeof(tmp_buffer));
    uint8_t ticker_len = strnlen(ticker, MAX_TICKER_LEN);

-    memcpy(out_buffer, ticker, MIN(out_buffer_size, ticker_len));
    if (ticker_len > 0) {
+        if (out_buffer_size <= ticker_len + 1) {
+            return false;
+        }
+        memcpy(out_buffer, ticker, ticker_len);
        out_buffer[ticker_len++] = ' ';
    }