Skip to content

Commit 1779d92

Browse files
MaciejGroszykMaciejGroszyk
authored
Fix and tests for Validate Message Fields in Subscriptions for Sane & Well Populated Values #5610 (#5631)
Signed-off-by: MaciejGroszyk <maciekgroszyk12@gmail.com>
1 parent 0778f56 commit 1779d92

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed

nav2_ros_common/include/nav2_ros_common/validate_messages.hpp

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -169,6 +169,20 @@ bool validateMsg(const nav_msgs::msg::OccupancyGrid & msg)
169169
if (msg.data.size() != msg.info.width * msg.info.height) {
170170
return false; // check map-size
171171
}
172+
173+
if (msg.info.width > INT16_MAX || msg.info.height > INT16_MAX) {
174+
// avoid overflow in nav2_amcl::convertMap()
175+
// because map_t size_x and size_y are int
176+
return false;
177+
}
178+
179+
uint32_t num_cells;
180+
if (__builtin_mul_overflow(msg.info.width, msg.info.height, &num_cells)) {
181+
// avoid overflow msg.info.width * msg.info.height in nav2_amcl::convertMap()
182+
return false;
183+
}
184+
185+
172186
return true;
173187
}
174188

nav2_ros_common/test/test_validation_messages.cpp

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -242,6 +242,30 @@ TEST(ValidateMessagesTest, OccupancyGridCheck) {
242242
std::vector<int8_t> invalid_data(100 * 99, 0); // Incorrect data size
243243
invalid_occupancy_grid.data = invalid_data;
244244
EXPECT_FALSE(nav2::validateMsg(invalid_occupancy_grid));
245+
246+
// Test overflow uint32_t OccupancyGrid message
247+
invalid_occupancy_grid.header.frame_id = "map";
248+
invalid_occupancy_grid.info.resolution = 0.05;
249+
invalid_occupancy_grid.info.width = 65536;
250+
invalid_occupancy_grid.info.height = 65536;
251+
invalid_occupancy_grid.data = data;
252+
EXPECT_FALSE(nav2::validateMsg(invalid_occupancy_grid));
253+
254+
// Test overflow INT16_MAX OccupancyGrid message
255+
invalid_occupancy_grid.header.frame_id = "map";
256+
invalid_occupancy_grid.info.resolution = 0.05;
257+
invalid_occupancy_grid.info.width = INT16_MAX + 1;
258+
invalid_occupancy_grid.info.height = 100;
259+
invalid_occupancy_grid.data = data;
260+
EXPECT_FALSE(nav2::validateMsg(invalid_occupancy_grid));
261+
262+
// Test overflow INT16_MAX OccupancyGrid message
263+
invalid_occupancy_grid.header.frame_id = "map";
264+
invalid_occupancy_grid.info.resolution = 0.05;
265+
invalid_occupancy_grid.info.width = 100;
266+
invalid_occupancy_grid.info.height = INT16_MAX + 1;
267+
invalid_occupancy_grid.data = data;
268+
EXPECT_FALSE(nav2::validateMsg(invalid_occupancy_grid));
245269
}
246270

247271
TEST(ValidateMessagesTest, PoseWithCovarianceCheck) {

0 commit comments

Comments
 (0)