From 741748f92978a8be68cf41be907ac6d3447f0ec8 Mon Sep 17 00:00:00 2001
From: xiang33 <314838141@qq.com>
Date: Sat, 7 Feb 2026 11:01:44 +0800
Subject: [PATCH] Fix stack buffer overflow in Schedule_Weekly_Schedule_Set
 (#1222)

* Fix stack buffer overflow in Schedule_Weekly_Schedule_Set

The memcpy was using sizeof(BACNET_WEEKLY_SCHEDULE) instead of
sizeof(BACNET_DAILY_SCHEDULE), causing it to read 6784 bytes from
a 968-byte source buffer, leading to stack buffer overflow and
segmentation fault in the test_schedule unit test.

This fixes the test_schedule test failure detected by ASAN:
ERROR: AddressSanitizer: stack-buffer-overflow on address ...
READ of size 6784 at 0x... partially underflows this variable

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Update src/bacnet/basic/object/schedule.c

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: kent.liu <kent.liu@designlibro.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Steve Karg <steve@kargs.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 src/bacnet/basic/object/schedule.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bacnet/basic/object/schedule.c b/src/bacnet/basic/object/schedule.c
index bcb64cf9..e180928f 100644
--- a/src/bacnet/basic/object/schedule.c
+++ b/src/bacnet/basic/object/schedule.c
@@ -308,7 +308,7 @@ bool Schedule_Weekly_Schedule_Set(
     if (pObject && (array_index < BACNET_WEEKLY_SCHEDULE_SIZE)) {
         memcpy(
             &pObject->Weekly_Schedule[array_index], value,
-            sizeof(BACNET_WEEKLY_SCHEDULE));
+            sizeof(pObject->Weekly_Schedule[array_index]));
         return true;
     }