From 1ffcee24ca156a7622dae3d7be425c81559061d1 Mon Sep 17 00:00:00 2001
From: iamsi <me@i-am.si>
Date: Tue, 16 Mar 2021 18:34:22 +0000
Subject: [PATCH] Fix 1 byte buffer overflow in AMBE handling

---
 src/cdmrmmdvmprotocol.cpp | 2 +-
 src/cdmrplusprotocol.cpp  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/cdmrmmdvmprotocol.cpp b/src/cdmrmmdvmprotocol.cpp
index 2398fd1..1d964f5 100644
--- a/src/cdmrmmdvmprotocol.cpp
+++ b/src/cdmrmmdvmprotocol.cpp
@@ -739,7 +739,7 @@ bool CDmrmmdvmProtocol::IsValidDvFramePacket(const CBuffer &Buffer, CDvFramePack
             memcpy(dmr3ambe, dmrframe, 14);
             dmr3ambe[13] &= 0xF0;
             dmr3ambe[13] |= (dmrframe[19] & 0x0F);
-            memcpy(&dmr3ambe[14], &dmrframe[20], 14);
+            memcpy(&dmr3ambe[14], &dmrframe[20], 13);
             // extract sync
             dmrsync[0] = dmrframe[13] & 0x0F;
             ::memcpy(&dmrsync[1], &dmrframe[14], 5);
diff --git a/src/cdmrplusprotocol.cpp b/src/cdmrplusprotocol.cpp
index 1d1180f..4f755dc 100644
--- a/src/cdmrplusprotocol.cpp
+++ b/src/cdmrplusprotocol.cpp
@@ -521,7 +521,7 @@ bool CDmrplusProtocol::IsValidDvFramePacket(const CIp &Ip, const CBuffer &Buffer
             memcpy(dmr3ambe, dmrframe, 14);
             dmr3ambe[13] &= 0xF0;
             dmr3ambe[13] |= (dmrframe[19] & 0x0F);
-            memcpy(&dmr3ambe[14], &dmrframe[20], 14);
+            memcpy(&dmr3ambe[14], &dmrframe[20], 13);
             // extract sync
             dmrsync[0] = dmrframe[13] & 0x0F;
             ::memcpy(&dmrsync[1], &dmrframe[14], 5);