From 1cf9bfa5e5de5485b2e4e8a7703eeffb7e404bcf Mon Sep 17 00:00:00 2001
From: mohammadmseet-hue <mohammadmseet@gmail.com>
Date: Sat, 11 Apr 2026 18:56:01 +0200
Subject: [PATCH] Fix panic on malformed LCM packets

Add bounds checking for fragmented LCM header fields and fingerprint
read. Malformed packets with truncated fragmented headers or missing
fingerprint data caused slice bounds panics.
---
 layers/lcm.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/layers/lcm.go b/layers/lcm.go
index 58a4b8289..4e948fae6 100644
--- a/layers/lcm.go
+++ b/layers/lcm.go
@@ -133,6 +133,10 @@ func (lcm *LCM) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
 	offset += 4
 
 	if lcm.Magic == LCMFragmentedHeaderMagic {
+		if len(data) < 20 {
+			df.SetTruncated()
+			return errors.New("LCM fragmented header too short")
+		}
 		lcm.Fragmented = true
 
 		lcm.PayloadSize = binary.BigEndian.Uint32(data[offset : offset+4])
@@ -165,6 +169,10 @@ func (lcm *LCM) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
 		lcm.ChannelName = string(buffer)
 	}
 
+	if offset+8 > len(data) {
+		df.SetTruncated()
+		return errors.New("LCM too short for fingerprint")
+	}
 	lcm.fingerprint = LCMFingerprint(
 		binary.BigEndian.Uint64(data[offset : offset+8]))