From 08edc49d8f63c75bfdfb480b083b0d960310f94f Mon Sep 17 00:00:00 2001
From: Eric S. Raymond
Date: Thu, 11 Apr 2013 02:22:34 +0000
Subject: Address Savannah bug #38511: ais_context->bitlen <= sizeof(ais_context->bits)/8 is not checked
---
diff --git a/driver_aivdm.c b/driver_aivdm.c
index 8d6ebd0..e663290 100644
--- a/driver_aivdm.c
+++ b/driver_aivdm.c
@@ -195,6 +195,10 @@ static bool aivdm_decode(const char *buf, size_t buflen,
 (1 << (7 - ais_context->bitlen % 8));
 }
 ais_context->bitlen++;
+ if (ais_context->bitlen > sizeof(ais_context->bits)) {
+ gpsd_report(LOG_INF, "overlong AIVDM payload truncated.\n");
+ return false;
+ }
 }
 /*@ +shiftnegative @*/
 }
-- cgit v0.9.0.2
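Review bot: The added guard compares a bit count with a byte count: `ais_context->bitlen` advances once per decoded bit (the context line uses `bitlen % 8`), while `sizeof(ais_context->bits)` is in bytes, assuming `bits` is a byte array, which the hunk does not show. As written the check is memory-safe but stops at one eighth of the buffer's capacity. If the whole buffer is meant to be usable, the test belongs before the store as `if (ais_context->bitlen >= sizeof(ais_context->bits) * 8)`, because a post-increment `>` against the bit capacity would allow one store past the end. If the tight limit is deliberate, a comment such as `/* bitlen counts bits; limit intentionally kept at the byte size of bits[] */` would keep a later reader from "correcting" the units unsafely. The log text says "truncated" although the function returns false, and since the enclosing loop and function begin outside the hunk, it cannot be seen whether the accumulated context state is reset on this path.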