Added bounds to checking in digitalPinTo* functions

BarryPSmith · BarryPSmith · commit 8d4c26173b2c · 2019-12-01T18:41:51.000-08:00
diff --git a/cores/arduino/Arduino.h b/cores/arduino/Arduino.h
@@ -169,24 +169,51 @@ extern const uint8_t PROGMEM digital_pin_to_port_PGM[];
 // extern const uint8_t PROGMEM digital_pin_to_bit_PGM[];
 extern const uint8_t PROGMEM digital_pin_to_bit_mask_PGM[];
 extern const uint8_t PROGMEM digital_pin_to_timer_PGM[];
+extern const uint8_t digital_pin_count;
+
+#define NOT_A_PIN 0
+#define NOT_A_PORT 0
+
+#define NOT_AN_INTERRUPT -1
 
 // Get the bit location within the hardware port of the given virtual pin.
 // This comes from the pins_*.c file for the active board configuration.
 // 
 // These perform slightly better as macros compared to inline functions
-//
-#define digitalPinToPort(P) ( pgm_read_byte( digital_pin_to_port_PGM + (P) ) )
-#define digitalPinToBitMask(P) ( pgm_read_byte( digital_pin_to_bit_mask_PGM + (P) ) )
-#define digitalPinToTimer(P) ( pgm_read_byte( digital_pin_to_timer_PGM + (P) ) )
+// 
 #define analogInPinToBit(P) (P)
 #define portOutputRegister(P) ( (volatile uint8_t *)( pgm_read_word( port_to_output_PGM + (P))) )
 #define portInputRegister(P) ( (volatile uint8_t *)( pgm_read_word( port_to_input_PGM + (P))) )
 #define portModeRegister(P) ( (volatile uint8_t *)( pgm_read_word( port_to_mode_PGM + (P))) )
-
-#define NOT_A_PIN 0
-#define NOT_A_PORT 0
-
-#define NOT_AN_INTERRUPT -1
+//
+// bounds checking on these functions because they return a pointer to an address that will be modified.
+// An out of bounds write can result in stack corruption and fun to track-down errors.
+//
+static inline const uint8_t digitalPinToPort(const uint8_t P) {
+  if (P > digital_pin_count) {
+    return NOT_A_PIN;
+  } else {
+    return pgm_read_byte( digital_pin_to_port_PGM + P );
+  }
+}
+static inline const uint8_t digitalPinToBitMask(const uint8_t P) {
+  if (P > digital_pin_count) {
+    return NOT_A_PIN;
+  } else {
+    return pgm_read_byte( digital_pin_to_bit_mask_PGM + P );
+  }
+}
+static inline const uint8_t digitalPinToTimer(const uint8_t P) {
+  if (P > digital_pin_count) {
+    return NOT_A_PIN;
+  } else {
+    return pgm_read_byte( digital_pin_to_timer_PGM + P );
+  }
+}
+// these defines are to maintain backwards compatibility with #ifdef
+#define digitalPinToPort digitalPinToPort
+#define digitalPinToBitMask digitalPinToBitMask
+#define digitalPinToTimer digitalPinToTimer
 
 #ifdef ARDUINO_MAIN
 #define PA 1
diff --git a/cores/arduino/wiring_digital.c b/cores/arduino/wiring_digital.c
@@ -26,6 +26,8 @@
 #include "wiring_private.h"
 #include "pins_arduino.h"
 
+const uint8_t digital_pin_count = sizeof(digital_pin_to_port_PGM) / sizeof(digital_pin_to_port_PGM[0]);
+
 void pinMode(uint8_t pin, uint8_t mode)
 {
 	uint8_t bit = digitalPinToBitMask(pin);
diff --git a/variants/circuitplay32u4/pins_arduino.h b/variants/circuitplay32u4/pins_arduino.h
@@ -341,6 +341,8 @@ const uint8_t PROGMEM analog_pin_to_channel_PGM[] = {
 	9	// A11		D12		PD6					ADC9
 };
 
+extern const uint8_t digital_pin_count;
+
 #endif /* ARDUINO_MAIN */
 
 // These serial port names are intended to allow libraries and architecture-neutral

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,8 @@`
`26`	`26`	`#include "wiring_private.h"`
`27`	`27`	`#include "pins_arduino.h"`
`28`	`28`
	`29`	`+const uint8_t digital_pin_count = sizeof(digital_pin_to_port_PGM) / sizeof(digital_pin_to_port_PGM[0]);`
	`30`	`+`
`29`	`31`	`void pinMode(uint8_t pin, uint8_t mode)`
`30`	`32`	`{`
`31`	`33`	`uint8_t bit = digitalPinToBitMask(pin);`