From e4dc40a7c2dadf51320cc6f0279f163b217806b6 Mon Sep 17 00:00:00 2001
From: Bartosz Szostak <bartosz.szostak@mudita.com>
Date: Thu, 10 Nov 2022 11:45:50 +0100
Subject: [PATCH] [MOS-741] Fox crashes during the cellular frame processing

Added an additional condition that checks the size of the hacked frame
to avoid processing an incorrect sized frame.
---
 module-cellular/modem/mux/CellularMuxFrame.h | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/module-cellular/modem/mux/CellularMuxFrame.h b/module-cellular/modem/mux/CellularMuxFrame.h
index fc5b058bc20c173e9e6c0e8497d0d9996d4e3fcf..1b62d463d9a4fc8caa92d07084f9e2aac85e5f6f 100644
--- a/module-cellular/modem/mux/CellularMuxFrame.h
+++ b/module-cellular/modem/mux/CellularMuxFrame.h
@@ -134,8 +134,17 @@ class CellularMuxFrame
             else { // long length
                 Length = static_cast<uint16_t>(serData[3] >> 1) + (static_cast<uint16_t>(serData[3]) << 7);
             }
-            if (serData[3] == 0xFF) // ugly hack for Quectel misimplementation of the standard
-                Length = myLen - 6;
+            if (serData[3] == 0xFF) { // ugly hack for Quectel misimplementation of the standard
+                if (myLen < 6) {
+                    LOG_ERROR("The size of the hacked frame is less than 6 bytes. Dropping...");
+                    Address     = 0;
+                    Control     = 0;
+                    frameStatus = EmptyFrame;
+                    return;
+                }
+                else
+                    Length = myLen - 6;
+            }
 
             data.clear();
             data.insert(data.begin(),