From f28d65bb254d008abfe97d20f82953163d9912ce Mon Sep 17 00:00:00 2001
From: Shaked Delarea
Date: Wed, 8 Oct 2025 23:57:37 +0300
Subject: [PATCH] Added boundary check to numGroups to avoid buffer overflow
---
 slac/evse_cm_mnbc_sound.c | 5 +++++
 slac/pev_cm_atten_char.c | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/slac/evse_cm_mnbc_sound.c b/slac/evse_cm_mnbc_sound.c
index 9c637dd6..f21f29a3 100644
--- a/slac/evse_cm_mnbc_sound.c
+++ b/slac/evse_cm_mnbc_sound.c
@@ -153,6 +153,11 @@ signed evse_cm_mnbc_sound (struct session * session, struct channel * channel, s
 #endif
+ if (indicate->NumGroups > SLAC_GROUPS)
+ {
+ indicate->NumGroups = SLAC_GROUPS;
+ }
+
 for (session->NumGroups = 0; session->NumGroups < indicate->NumGroups; session->NumGroups++)
 {
 AAG [session->NumGroups] += indicate->AAG [session->NumGroups];
diff --git a/slac/pev_cm_atten_char.c b/slac/pev_cm_atten_char.c
index 563816cf..b124e7d6 100644
--- a/slac/pev_cm_atten_char.c
+++ b/slac/pev_cm_atten_char.c
@@ -75,6 +75,10 @@ signed pev_cm_atten_char (struct session * session, struct channel * channel, st
 memcpy (session->EVSE_MAC, indicate->ethernet.OSA, sizeof (session->EVSE_MAC));
 session->NUM_SOUNDS = indicate->ACVarField.NUM_SOUNDS;
 session->NumGroups = indicate->ACVarField.ATTEN_PROFILE.NumGroups;
+ if (session->NumGroups > SLAC_GROUPS)
+ {
+ session->NumGroups = SLAC_GROUPS;
+ }
 memcpy (session->AAG, indicate->ACVarField.ATTEN_PROFILE.AAG, indicate->ACVarField.ATTEN_PROFILE.NumGroups);
 #if SLAC_DEBUG
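Review bot: In slac/evse_cm_mnbc_sound.c the clamp is written back into the received message (`indicate->NumGroups = SLAC_GROUPS;`), and a frame with an out-of-range count is otherwise accepted silently, so its first SLAC_GROUPS values are still added into `AAG` with nothing logged. Keeping the frame as received and bounding the loop with a local copy of the count, or skipping the frame with a debug message, would make malformed input visible instead of folding it into the attenuation sums. The sizes of the local `AAG` and of `indicate->AAG` are declared outside the hunk, so it should be confirmed that SLAC_GROUPS is the element count of both. The function body starts and ends outside the hunk.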
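Review bot: In slac/pev_cm_atten_char.c the `memcpy` into `session->AAG` right after the new check still takes its length from `indicate->ACVarField.ATTEN_PROFILE.NumGroups`, so clamping `session->NumGroups` does not bound the copy. The overflow named in the subject line therefore remains on this path. Pass the clamped value instead: `memcpy (session->AAG, indicate->ACVarField.ATTEN_PROFILE.AAG, session->NumGroups);`. This assumes `session->AAG` holds SLAC_GROUPS one-byte entries, which is declared outside the hunk and should be confirmed. The function continues outside the hunk.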