CAN: fix length calculation in message constructor

The two types of the CANMessage constructor accepting a data buffer have two issues. First, they limit the input buffer size to the 4 least significant bits of the passed length even though a CAN message cannot have more than 8 bytes of payload. Second, the used data length in the following memcpy() uses the initially passed data length which may exceed the internal data buffer size. Both will lead into hard to find bugs if the passed data buffer size is outside the limits according to the CAN standard. This fix intends to solve this by limiting the input data size to 8 bytes.

Author: daniel-starke

drivers/CAN.h

@@ -65,11 +65,11 @@ class CANMessage : public CAN_Message {
      */
     CANMessage(unsigned int _id, const unsigned char *_data, unsigned char _len = 8, CANType _type = CANData, CANFormat _format = CANStandard)
     {
-        len    = _len & 0xF;
+        len    = (_len > 8) ? 8 : _len;
         type   = _type;
         format = _format;
         id     = _id;
-        memcpy(data, _data, _len);
+        memcpy(data, _data, len);
     }
 
 
@@ -83,11 +83,11 @@ class CANMessage : public CAN_Message {
      */
     CANMessage(unsigned int _id, const char *_data, unsigned char _len = 8, CANType _type = CANData, CANFormat _format = CANStandard)
     {
-        len    = _len & 0xF;
+        len    = (_len > 8) ? 8 : _len;
         type   = _type;
         format = _format;
         id     = _id;
-        memcpy(data, _data, _len);
+        memcpy(data, _data, len);
     }
 
     /** Creates CAN remote message.