From d7c88780e1df54f34563d60bd7fa01011d2eef03 Mon Sep 17 00:00:00 2001
From: chenluhua1980 <Chenluhua@qq.com>
Date: 星期一, 26 一月 2026 23:17:17 +0800
Subject: [PATCH] 1.CSVData.cpp 里 unserialize 用了 8*2、125*2，但 serialize 只写 8 + 125 字节。 m_svRawData.insert 的 end 指针是 pszBuffer + 125*2，没有用 index 计算，可能把无效区域一起拷进去。 一旦 size 实际是 133（不是 266），就会直接越界，堆会被破坏，m_svDatas.clear() 在销毁元素时崩。

---
 SourceCode/Bond/EAPSimulator/CHsmsActive.cpp |   27 +++++++++++++++++++++++++++
 1 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/SourceCode/Bond/EAPSimulator/CHsmsActive.cpp b/SourceCode/Bond/EAPSimulator/CHsmsActive.cpp
index 6bd6013..a2539da 100644
--- a/SourceCode/Bond/EAPSimulator/CHsmsActive.cpp
+++ b/SourceCode/Bond/EAPSimulator/CHsmsActive.cpp
@@ -395,6 +395,33 @@
 	return 0;
 }
 
+int CHsmsActive::hsmsEquipmentConstantRequest(const std::vector<unsigned short>& ecids)
+{
+	IMessage* pMessage = nullptr;
+	int nRet = HSMS_Create1Message(pMessage, m_nSessionId, 2 | REPLY, 13, ++m_nSystemByte);
+	for (auto id : ecids) {
+		pMessage->getBody()->addU2Item(id, "ECID");
+	}
+	m_pActive->sendMessage(pMessage);
+	HSMS_Destroy1Message(pMessage);
+	return 0;
+}
+
+int CHsmsActive::hsmsEquipmentConstantSend(const std::vector<std::pair<unsigned short, std::string>>& ecidValues)
+{
+	IMessage* pMessage = nullptr;
+	int nRet = HSMS_Create1Message(pMessage, m_nSessionId, 2 | REPLY, 15, ++m_nSystemByte);
+	ISECS2Item* pBody = pMessage->getBody();
+	for (const auto& kv : ecidValues) {
+		ISECS2Item* pEntry = pBody->addItem();
+		pEntry->addU2Item(kv.first, "ECID");
+		pEntry->addItem(kv.second.c_str(), "ECV");
+	}
+	m_pActive->sendMessage(pMessage);
+	HSMS_Destroy1Message(pMessage);
+	return 0;
+}
+
 int CHsmsActive::hsmsQueryPPIDList()
 {
 	IMessage* pMessage = nullptr;

--
Gitblit v1.9.3