From 7e6de21a9581fe8705a3a23115048f346d58337f Mon Sep 17 00:00:00 2001
From: Luas Lichtl <di.lukas.lichtl@gmail.com>
Date: Fri, 30 Aug 2024 18:46:24 +0200
Subject: [PATCH] check value range before accessing a group objects

---
 src/knx/bau_systemB_device.cpp        | 2 +-
 src/knx/group_object_table_object.cpp | 9 +++++++--
 src/knx/group_object_table_object.h   | 4 +++-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/knx/bau_systemB_device.cpp b/src/knx/bau_systemB_device.cpp
index 872d677..1df1036 100644
--- a/src/knx/bau_systemB_device.cpp
+++ b/src/knx/bau_systemB_device.cpp
@@ -6,7 +6,7 @@
 BauSystemBDevice::BauSystemBDevice(Platform& platform) :
     BauSystemB(platform),
     _addrTable(_memory),
-    _assocTable(_memory), _groupObjTable(_memory),
+    _assocTable(_memory), _groupObjTable(_memory, platform),
 #ifdef USE_DATASECURE
     _appLayer(_deviceObj, _secIfObj, *this),
 #else
diff --git a/src/knx/group_object_table_object.cpp b/src/knx/group_object_table_object.cpp
index 13d8123..7dd8298 100644
--- a/src/knx/group_object_table_object.cpp
+++ b/src/knx/group_object_table_object.cpp
@@ -5,8 +5,8 @@
 #include "bits.h"
 #include "data_property.h"
 
-GroupObjectTableObject::GroupObjectTableObject(Memory& memory)
-    : TableObject(memory)
+GroupObjectTableObject::GroupObjectTableObject(Memory& memory, Platform& platform)
+    : TableObject(memory), _platform(platform)
 {
     Property* properties[]
     {
@@ -30,6 +30,11 @@ uint16_t GroupObjectTableObject::entryCount()
 
 GroupObject& GroupObjectTableObject::get(uint16_t asap)
 {
+    if ((asap == 0) || (asap > UINT8_MAX)) {
+        println("Group Object ID out of range!");
+        _platform.fatalError();
+    }
+
     return _groupObjects[asap - 1];
 }
 
diff --git a/src/knx/group_object_table_object.h b/src/knx/group_object_table_object.h
index fc5d131..bd821f6 100644
--- a/src/knx/group_object_table_object.h
+++ b/src/knx/group_object_table_object.h
@@ -2,13 +2,14 @@
 
 #include "table_object.h"
 #include "group_object.h"
+#include "platform.h"
 
 class GroupObjectTableObject : public TableObject
 {
         friend class GroupObject;
 
     public:
-        GroupObjectTableObject(Memory& memory);
+        GroupObjectTableObject(Memory& memory, Platform& platform);
         virtual ~GroupObjectTableObject();
         uint16_t entryCount();
         GroupObject& get(uint16_t asap);
@@ -24,6 +25,7 @@ class GroupObjectTableObject : public TableObject
         void freeGroupObjects();
         bool initGroupObjects();
         uint16_t* _tableData = 0;
+        Platform& _platform;
         GroupObject* _groupObjects = 0;
         uint16_t _groupObjectCount = 0;
 };
\ No newline at end of file