Conversation
…WritePos type for better compatibility
| return false; | ||
| } | ||
| size_t payloadLen = length - payloadOffset; // safe: payloadOffset <= length guaranteed above | ||
| uint8_t* payload = _buffer + payloadOffset; |
There was a problem hiding this comment.
Hmm a bit hard to see by just browsing the code in the browser on GH, but shouldn't here also be some check against _bufferSize
There was a problem hiding this comment.
You are right, I forgot some checks
There was a problem hiding this comment.
No, not at that location handlePacket() can't be called without readPacket(). But I would suggest checking in loop(), with that nothing will ever be read.
There was a problem hiding this comment.
I proposed a solution, could you check if it is ok for you?
hmueller01
left a comment
There was a problem hiding this comment.
A first glimps over the changes ... lots of good stuff, but still a few changes.
…h and message ID in PubSubClient
…re adequate buffer size for MQTT packets
…ing buffer safety checks and memory management improvements
c3c8dc0 to
a9abbe0
Compare
0178b46 to
ccb047d
Compare
…ion for better clarityCorrection in changelog
|
@hmueller01 I think I finished the modification and ready for your final review if I'm right |
|
Memory usage change @ 2e44c48
Click for full report table
Click for full report CSV |
hmueller01
left a comment
There was a problem hiding this comment.
I proposed a solution, could you check if it is ok for you?
The change looks good for me!
|
Memory usage change @ 433923c
Click for full report table
Click for full report CSV |
| } else { | ||
| return false; | ||
| } | ||
| newBuffer = (uint8_t*)realloc(_buffer, size); |
There was a problem hiding this comment.
I was not sure, if the original buffer is still intact, if realloc fails. So I read the man ...
If realloc() fails the original block is left untouched; it is not freed or moved.
|
@MarcAntoineCRUE Somehow |
Summary
This merge request significantly improves the robustness and safety of the PubSubClient library, without changing its public API or breaking existing usage. All changes are fully covered by the test suite (57/57 tests passing).
Key Fixes
The buffer size and pointer are only updated after a successful allocation. If allocation fails, the previous buffer and size remain unchanged, preventing inconsistent internal state.
Rationale
These changes address potential edge cases that could lead to:
All fixes are implemented with minimal code changes and maintain full backward compatibility.