Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: PX4/PX4-Autopilot
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.17.0-rc1
Choose a base ref
...
head repository: PX4/PX4-Autopilot
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.17.0-rc2
Choose a head ref
  • 7 commits
  • 14 files changed
  • 1 contributor

Commits on Mar 13, 2026

  1. fix(telemetry/bst): validate reply length and dev_name_len before use 

    Reject replies with length >= sizeof(BSTPacket) to prevent OOB read
in CRC calculation. Clamp dev_name_len to buffer size to prevent OOB
write during null termination.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    3d63672 View commit details
    Browse the repository at this point in the history

  2. fix(tattu_can): validate CAN frame bounds before buffer copy 

    Add bounds checking in the CAN frame assembly loop to prevent a buffer
overflow when copying payloads into the Tattu12SBatteryMessage struct.
A crafted CAN frame with a corrupt payload_size could write past the
48-byte struct boundary. Also guard against payload_size of 0 which
would cause an unsigned integer underflow on the size_t subtraction.

Fixes GHSA-wxwm-xmx9-hr32

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    9605d8d View commit details
    Browse the repository at this point in the history

  3. fix(mavlink): reject path traversal sequences in FTP operations 

    Add _validatePath() that rejects paths containing ".." components,
preventing directory traversal outside the FTP root directory.
Applied to all FTP operation handlers (list, open, remove, truncate,
rename, mkdir, rmdir, CRC32).

Fixes GHSA-fh32-qxj9-x32f, GHSA-pm28-2j4f-8jxv

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    48335ac View commit details
    Browse the repository at this point in the history

  4. refactor(mavlink): remove dead FTP unit test code 

    Remove the old MAVLINK_FTP_UNIT_TEST infrastructure that has been dead
code for years (not enabled in any board config). This includes:

- src/modules/mavlink/mavlink_tests/ directory (test suite, CMakeLists)
- All #ifdef MAVLINK_FTP_UNIT_TEST blocks in mavlink_ftp.cpp
- set_unittest_worker() callback mechanism in mavlink_ftp.h
- Conditional uAvionix include in mavlink_bridge_header.h

The test suite will be ported to GTest as a follow-up.

Ref: #26738
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    3bd06cc View commit details
    Browse the repository at this point in the history

  5. fix(mavlink): correct session validation in FTP write and burst opera… 

    …tions

Use logical OR (||) instead of AND (&&) in _workWrite() and _workBurst()
session validation, matching the correct logic already used in _workRead()
and _workTerminate(). The AND operator allowed operations to proceed with
an invalid session ID as long as a valid file descriptor existed.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    b5b4853 View commit details
    Browse the repository at this point in the history

  6. fix(zenoh): validate payload size before stack allocation 

    Reject Zenoh payloads that exceed the expected uORB topic size plus
CDR header (4 bytes), or that are too small to contain a valid CDR
header. This prevents a stack overflow from crafted network input
where z_bytes_len(payload) controls a VLA allocation.

Fixes GHSA-69g4-hcqf-j45p

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    69a6b9e View commit details
    Browse the repository at this point in the history

  7. fix(mavlink): remove all stale mavlink_tests references 

    The mavlink_tests module was deleted in 1009268 but several
references were left behind, breaking builds on all targets.

Removed:
- CMakeLists.txt: add_subdirectory(mavlink_tests)
- mavlink_ftp.cpp: #include of deleted mavlink_ftp_test.h
- mavlink_ftp.h: MavlinkFtpTest forward decl and friend class
- posix-configs/SITL/init/test/test_mavlink: dead init script
- sitl_tests.cmake: sitl-mavlink CTest target
- install-voxl.sh: px4-mavlink_tests symlink

Ref: #26738
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
    @mrpollo
    mrpollo committed Mar 13, 2026
    Configuration menu
    Copy the full SHA
    0b6e468 View commit details
    Browse the repository at this point in the history
Loading