fix: use strtod with end-pointer validation for robust float parsing
This commit is contained in:
@@ -1,5 +1,6 @@
|
|||||||
#include <Arduino.h>
|
#include <Arduino.h>
|
||||||
#include <avr/interrupt.h>
|
#include <avr/interrupt.h>
|
||||||
|
#include <stdlib.h>
|
||||||
#include <math.h>
|
#include <math.h>
|
||||||
#include "gauge_config.h"
|
#include "gauge_config.h"
|
||||||
|
|
||||||
@@ -455,7 +456,8 @@ bool parseSet(const String& line) {
|
|||||||
bool parseSpeed(const String& line) {
|
bool parseSpeed(const String& line) {
|
||||||
int id; char token[20];
|
int id; char token[20];
|
||||||
if (sscanf(line.c_str(), "SPEED %d %19s", &id, token) == 2) {
|
if (sscanf(line.c_str(), "SPEED %d %19s", &id, token) == 2) {
|
||||||
float speed = atof(token);
|
char* end; float speed = (float)strtod(token, &end);
|
||||||
|
if (end == token || *end != '\0') { sendReply("ERR BAD_SPEED"); return true; }
|
||||||
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
||||||
if (speed <= 0.0f) { sendReply("ERR BAD_SPEED"); return true; }
|
if (speed <= 0.0f) { sendReply("ERR BAD_SPEED"); return true; }
|
||||||
gauges[id].maxSpeed = speed;
|
gauges[id].maxSpeed = speed;
|
||||||
@@ -470,7 +472,8 @@ bool parseSpeed(const String& line) {
|
|||||||
bool parseAccel(const String& line) {
|
bool parseAccel(const String& line) {
|
||||||
int id; char token[20];
|
int id; char token[20];
|
||||||
if (sscanf(line.c_str(), "ACCEL %d %19s", &id, token) == 2) {
|
if (sscanf(line.c_str(), "ACCEL %d %19s", &id, token) == 2) {
|
||||||
float accel = atof(token);
|
char* end; float accel = (float)strtod(token, &end);
|
||||||
|
if (end == token || *end != '\0') { sendReply("ERR BAD_ACCEL"); return true; }
|
||||||
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
||||||
if (accel <= 0.0f) { sendReply("ERR BAD_ACCEL"); return true; }
|
if (accel <= 0.0f) { sendReply("ERR BAD_ACCEL"); return true; }
|
||||||
gauges[id].accel = accel;
|
gauges[id].accel = accel;
|
||||||
@@ -550,8 +553,9 @@ bool parseSweep(const String& line) {
|
|||||||
int id; char accelTok[20], speedTok[20];
|
int id; char accelTok[20], speedTok[20];
|
||||||
if (sscanf(line.c_str(), "SWEEP %d %19s %19s", &id, accelTok, speedTok) == 3) {
|
if (sscanf(line.c_str(), "SWEEP %d %19s %19s", &id, accelTok, speedTok) == 3) {
|
||||||
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
if (id < 0 || id >= GAUGE_COUNT) { sendReply("ERR BAD_ID"); return true; }
|
||||||
float accel = atof(accelTok);
|
char* endA; float accel = (float)strtod(accelTok, &endA);
|
||||||
float speed = atof(speedTok);
|
char* endS; float speed = (float)strtod(speedTok, &endS);
|
||||||
|
if (endA == accelTok || *endA != '\0' || endS == speedTok || *endS != '\0') return false;
|
||||||
Gauge& g = gauges[id];
|
Gauge& g = gauges[id];
|
||||||
if (accel <= 0.0f || speed <= 0.0f) {
|
if (accel <= 0.0f || speed <= 0.0f) {
|
||||||
g.sweepEnabled = false;
|
g.sweepEnabled = false;
|
||||||
|
|||||||
Reference in New Issue
Block a user