From a0e0b81ca4bba725c6ec9e59493b2a7fdbf04617 Mon Sep 17 00:00:00 2001
From: skarg
Date: Tue, 12 Mar 2013 03:59:29 +0000
Subject: [PATCH] Added bounds checking to one of the RP encode to allow for malformed message for negative unit tests.
---
 bacnet-stack/src/rp.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/bacnet-stack/src/rp.c b/bacnet-stack/src/rp.c
index 4c30f8ba..347b5f6e 100644
--- a/bacnet-stack/src/rp.c
+++ b/bacnet-stack/src/rp.c
@@ -55,14 +55,22 @@ int rp_encode_apdu(
 apdu[2] = invoke_id;
 apdu[3] = SERVICE_CONFIRMED_READ_PROPERTY; /* service choice */
 apdu_len = 4;
- len =
- encode_context_object_id(&apdu[apdu_len], 0, rpdata->object_type,
- rpdata->object_instance);
- apdu_len += len;
- len =
- encode_context_enumerated(&apdu[apdu_len], 1,
- rpdata->object_property);
- apdu_len += len;
+ if (rpdata->object_type <= BACNET_MAX_OBJECT) {
+ /* check bounds so that we could create malformed
+ messages for testing */
+ len =
+ encode_context_object_id(&apdu[apdu_len], 0, rpdata->object_type,
+ rpdata->object_instance);
+ apdu_len += len;
+ }
+ if (rpdata->object_property <= 4194303) {
+ /* check bounds so that we could create malformed
+ messages for testing */
+ len =
+ encode_context_enumerated(&apdu[apdu_len], 1,
+ rpdata->object_property);
+ apdu_len += len;
+ }
 /* optional array index */
 if (rpdata->array_index != BACNET_ARRAY_ALL) {
 len =
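Review bot: When `rpdata->object_type` exceeds `BACNET_MAX_OBJECT` or `rpdata->object_property` exceeds 4194303, the two new `if` blocks skip the context-tag 0 or tag 1 field and encoding simply carries on, so the shipping encoder can emit a ReadProperty request without its object or property identifier and the caller gets no signal that it did. The body of rp_encode_apdu starts and ends outside the hunk, so the return path is not visible, but presumably the accumulated `apdu_len` is still returned as if the encode had succeeded. If the malformed output is wanted only for negative unit tests, consider keeping the skip behind a test-only build option and returning an error value for out-of-range input in normal builds. At minimum the comment should state what actually happens, e.g. `/* out-of-range value: field is omitted on purpose, yielding a malformed request (negative tests only) */`, and the literal `4194303` should be a named constant like `BACNET_MAX_OBJECT` is. `rpdata->object_instance` is passed to the same call without any range check.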