From cc7e9b539d4eda3a19fc2488fab13e006656dd61 Mon Sep 17 00:00:00 2001
From: skarg <skarg@1e814d3a-8a88-4260-be86-c0dc25669c1e>
Date: Wed, 20 Apr 2016 19:42:41 +0000
Subject: [PATCH] Fixed Get Event Handler to additionally check its own buffer
 length. Get event handler checks only if APDU length is less than Max APDU of
 device that has requested list of events, but it does not check its own Max
 APDU to see if response is too long to fit in Handler_Transmit_Buffer.
 Thanks, Daniel Blazevic!

---
 bacnet-stack/demo/handler/h_getevent.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/bacnet-stack/demo/handler/h_getevent.c b/bacnet-stack/demo/handler/h_getevent.c
index af1b1df0..cbc54c2e 100644
--- a/bacnet-stack/demo/handler/h_getevent.c
+++ b/bacnet-stack/demo/handler/h_getevent.c
@@ -44,7 +44,7 @@
 static get_event_info_function Get_Event_Info[MAX_BACNET_OBJECT_TYPE];
 
 
-/** print eventState 
+/** print eventState
  */
 void ge_ack_print_data(
     BACNET_GET_EVENT_INFORMATION_DATA * data,
@@ -171,18 +171,24 @@ void handler_get_event_information(
                         goto GET_EVENT_ERROR;
                     }
                     apdu_len += len;
-                    if (apdu_len >= service_data->max_resp - 2) {
-                        /* Device must be able to fit minimum one event information.
-                           Length of one event informations needs more than 50 octets. */
-                        if (service_data->max_resp < 128) {
+                    if ((apdu_len >= service_data->max_resp - 2)  ||
+                        (apdu_len >= MAX_APDU - 2)) {
+                        /* Device must be able to fit minimum
+                           one event information.
+                           Length of one event informations needs
+                           more than 50 octets. */
+                        if ((service_data->max_resp < 128) ||
+                            (MAX_APDU < 128)) {
                             len = BACNET_STATUS_ABORT;
                             error = true;
                             goto GET_EVENT_ERROR;
-                        } else
+                        } else {
                             more_events = true;
+                        }
                         break;
-                    } else
+                    } else {
                         pdu_len += len;
+                    }
                 } else if (valid_event < 0) {
                     break;
                 }