Fix corrupt OD load following a non-existent object

nattgris · hefloryd · commit e2494e36ed75 · 2021-02-11T16:53:25.000+01:00
If an OD is loaded from a store that contains an object which has
subsequently been removed, it is necessary to skip the part of the data
which was stored for the object. Otherwise the data part will be
interpreted as the index, subindex and size of the next object to load,
possibly loading incorrect data or at least failing to load the
following objects.

Also skip the object if the current OD would not store it (OD_TRANSIENT)
and also abort the load if a size of zero is encountered in the store.

Signed-off-by: Andreas Fritiofson &lt;andreas.fritiofson@unjo.com&gt;
diff --git a/src/co_od.c b/src/co_od.c
@@ -384,19 +384,19 @@ uint32_t co_od_load (co_net_t * net, co_store_t store)
       if (net->read (arg, &subindex, sizeof (subindex)) < 0)
          goto error;
 
-      if (net->read (arg, &size, sizeof (size)) < 0)
+      if (net->read (arg, &size, sizeof (size)) < 0 || size == 0)
          goto error;
 
       /* Attempt to set value. Errors are ignored to support firmware
          update of dictionary */
 
       obj = co_obj_find (net, index);
       if (obj == NULL)
-         continue;
+         goto skip;
 
       entry = co_entry_find (net, obj, subindex);
-      if (entry == NULL || !(entry->flags & OD_WRITE))
-         continue;
+      if (entry == NULL || !(entry->flags & OD_WRITE) || (entry->flags & OD_TRANSIENT))
+         goto skip; /* Not storable in this OD */
 
       if (size <= sizeof (value))
       {
@@ -418,16 +418,20 @@ uint32_t co_od_load (co_net_t * net, co_store_t store)
       else
       {
          /* Stored size does not match object size. Discard data. */
-         while (size > sizeof(value))
-         {
-            if (net->read (arg, &value, sizeof (value)) < 0)
-               goto error;
-            size -= sizeof(value);
-         }
+         goto skip;
+      }
 
-         if (net->read (arg, &value, size) < 0)
+      continue;
+   skip:
+      while (size > sizeof (value))
+      {
+         if (net->read (arg, &value, sizeof (value)) < 0)
             goto error;
+         size -= sizeof (value);
       }
+
+      if (net->read (arg, &value, size) < 0)
+         goto error;
    }
 
    /* Ignore any error on close */
