Safety: CecConnection::transmit can crash with full packet size

[ssalonen]

Bug description

CecConnection::transmit will fail with libcec version x (TODO) when trying to transmit command having data packet of maximum size

The crash occurs in raspberry pi libcec adapter code.

https://github.com/Pulse-Eight/libcec/blob/master/src/libcec/adapter/RPi/RPiCECAdapterMessageQueue.cpp

Possible failure reason (not verified):

cec_adapter_message_state CRPiCECAdapterMessageQueue::Write(const cec_command &command, bool &bRetry, uint32_t iLineTimeout, bool bIsReply, VC_CEC_ERROR_T &vcReply)
<SNIP>

#if defined(RPI_USE_SEND_MESSAGE2)
<SNIP>
#else
<SNIP>
 uint8_t payload[32];
<SNIP>
    for (uint8_t iPtr = 0; iPtr < command.parameters.size; iPtr++)
      payload[iPtr + 1] = command.parameters.At(iPtr);
  }
<SNIP>


#fi

However, command.parameters can be up to 64 uint8_t cectypes.h --> payload local variable is not large enough!

To Reproduce

TODO

Expected behavior

Screenshots

Environment

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Additional context

[ssalonen]

Discussion on max payload size in the context of Pulse8 adapter Pulse-Eight/libcec#443

[ssalonen]

Upstream issue created Pulse-Eight/libcec#602