[BUG] Illegal Heap write in rawbuf when the capture has overflowed.

* Fix an issue where we write past the end of the capture buffer when it is full. Two options to fix this: 1. Extend all capture buffers by 1 entry. i.e. upto 4 bytes of extra unused heap and some FLASH/PROGMEM bytes. _or_ 2. Skip the memory write when we have overflowed. i.e. Possibly slightly more than 4 bytes of FLASH/PROGMEM used. - CPU overhead should be about the same. - Given heap & memory is a more critical resource than Flash/PROGMEM, opting for Option 2. TODO: Add unit tests to confirm this works and never happens again. Kudos to @davepl for reporting the issue and diagnosing the offending line of code. Fixes #1516
crankyoldgit · Jul 5, 2021 · 2988443 · 2988443
1 parent 3c1862f
commit 2988443
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/IRrecv.cpp b/src/IRrecv.cpp
@@ -518,7 +518,9 @@ bool IRrecv::decode(decode_results *results, irparams_t *save,
   // interrupt. decode() is not stored in ICACHE_RAM.
   // Another better option would be to zero the entire irparams.rawbuf[] on
   // resume() but that is a much more expensive operation compare to this.
-  params.rawbuf[params.rawlen] = 0;
+  // However, don't do this if rawbuf is already full as we stomp over the heap.
+  // See: https://github.com/crankyoldgit/IRremoteESP8266/issues/1516
+  if (!params.overflow) params.rawbuf[params.rawlen] = 0;
 
   bool resumed = false;  // Flag indicating if we have resumed.