From e2721136aeab44809b0711643a7c5ec09ad8118d Mon Sep 17 00:00:00 2001
From: stac <stac>
Date: Thu, 3 Jun 2010 13:58:18 +0000
Subject: [PATCH] GPS: fix buffer overrun in nmeaProcess()

nmeaProcess was attempting to null-terminate the
NMEA sentence but was not considering that the
preceeding loop may have looped beyond the end
of the packet buffer.

git-svn-id: svn://svn.openpilot.org/OpenPilot/trunk@709 ebee16cc-31ac-478f-84a7-5cbb03baadba
---
 flight/OpenPilot/Modules/GPS/GPS.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/flight/OpenPilot/Modules/GPS/GPS.c b/flight/OpenPilot/Modules/GPS/GPS.c
index f0cc26537..edce7e115 100644
--- a/flight/OpenPilot/Modules/GPS/GPS.c
+++ b/flight/OpenPilot/Modules/GPS/GPS.c
@@ -233,7 +233,11 @@ uint8_t nmeaProcess(cBuffer* rxBuffer)
 						bufferGetFromFront(rxBuffer);
 				}
 				// null terminate it
-				NmeaPacket[j] = 0;
+				if (j<(NMEA_BUFFERSIZE-1)) {
+					NmeaPacket[j] = 0;
+				} else {
+					NmeaPacket[NMEA_BUFFERSIZE-1] = 0;
+				}
 				// dump <CR><LF> from rxBuffer
 				bufferGetFromFront(rxBuffer);
 				bufferGetFromFront(rxBuffer);