fix(FCS-1612): Fixed a heap corruption issue when using the sdio interface

ustccw · ustccw · commit dd9188d5c6b8 · 2024-11-24T17:07:39.000+08:00
Reason:
`at_sdio_read_data(data, len)` may read out more bytes than `len` due to incorrect if condition checks,
leading to memory corruption and causing a crash.

Fix:
Corrected the `if` condition in `at_sdio_read_data()` to ensure that the number of bytes read does not exceed the specified length (`len`),
preventing memory corruption and potential crashes.
diff --git a/main/interface/sdio/at_sdio_task.c b/main/interface/sdio/at_sdio_task.c
@@ -105,11 +105,12 @@ static int32_t at_sdio_read_data(uint8_t *data, int32_t len)
         }
 
         esp_at_sdio_list_t *p_list = sp_head;
-        if (len < p_list->left_len) {
-            memcpy(data + copy_len, p_list->pbuf + p_list->pos, len);
-            p_list->pos += len;
-            p_list->left_len -= len;
-            copy_len += len;
+        uint32_t to_read_len = len - copy_len;
+        if (to_read_len < p_list->left_len) {
+            memcpy(data + copy_len, p_list->pbuf + p_list->pos, to_read_len);
+            p_list->pos += to_read_len;
+            p_list->left_len -= to_read_len;
+            copy_len += to_read_len;
         } else {
             memcpy(data + copy_len, p_list->pbuf + p_list->pos, p_list->left_len);
             p_list->pos += p_list->left_len;
