Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Length calculation wrong; buffer overrun ? #1071

Open
dirkx opened this issue Dec 29, 2024 · 0 comments
Open

Length calculation wrong; buffer overrun ? #1071

dirkx opened this issue Dec 29, 2024 · 0 comments

Comments

@dirkx
Copy link

dirkx commented Dec 29, 2024
edited
Loading

After fighting with some odd topic-corruption (in a const char* no less) -- I think that the calculation in this line:

pubsubclient/src/PubSubClient.cpp

Line 460 in 2d228f2

for (i=0;i<plength;i++) {
the length is a bit overoptimistic; as at that point up to length has already been used by the topic; while plength is either capped by buffSize; e.g. here:

pubsubclient/src/PubSubClient.cpp

Line 437 in 2d228f2

return publish(topic,(const uint8_t*)payload, payload ? strnlen(payload, this->bufferSize) : 0,false);
or when called in full not at all: e.g. here:

pubsubclient/src/PubSubClient.cpp

Line 448 in 2d228f2

boolean PubSubClient::publish(const char* topic, const uint8_t* payload, unsigned int plength, boolean retained) {

So it should perhaps read i < plength && length < buffSize
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dirkx