Skip to content

Fuzzing#1163

Open
Atchaya-Sivagnanam wants to merge 8 commits into
rdkcentral:developfrom
Atchaya-Sivagnanam:fuzzing
Open

Fuzzing#1163
Atchaya-Sivagnanam wants to merge 8 commits into
rdkcentral:developfrom
Atchaya-Sivagnanam:fuzzing

Conversation

@Atchaya-Sivagnanam
Copy link
Copy Markdown

@Atchaya-Sivagnanam Atchaya-Sivagnanam commented Jun 3, 2026

RDKB-64403 Fix memory issue found by libFuzzer

Reason for change: Fix memory issue identified through fuzz testing.
Test Procedure: Debug
Priority: P1
Risks: Low
Signed-off-by: Atchaya Sivagnanam Atchaya_Sivagnanam@comcast.com

@Atchaya-Sivagnanam
RDKB-64403 Fix memory issue found by libFuzzer
7c6dc1e 
Reason for change: Fix memory issue identified through fuzz testing.
Test Procedure: Debug
Priority: P1
Risks: Low
Signed-off-by: Atchaya Sivagnanam Atchaya_Sivagnanam@comcast.com
@Atchaya-Sivagnanam
RDKB-64403 Fix memory issue found by libFuzzer
0d34ad5 
Reason for change: Fix memory issue identified through fuzz testing.
Test Procedure: Debug
Priority: P1
Risks: Low
Signed-off-by: Atchaya Sivagnanam Atchaya_Sivagnanam@comcast.com
@Atchaya-Sivagnanam
Merge branch 'rdkcentral:develop' into fuzzing
1d580cd
@Atchaya-Sivagnanam
Merge branch 'rdkcentral:develop' into fuzzing
57978f3
@Atchaya-Sivagnanam
Merge branch 'rdkcentral:develop' into fuzzing
045986b
Copilot AI review requested due to automatic review settings June 3, 2026 10:54
@Atchaya-Sivagnanam Atchaya-Sivagnanam requested a review from a team as a code owner June 3, 2026 10:54
Copilot AI reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses multiple memory-safety issues surfaced by libFuzzer across the webconfig encoder/decoder and WiFi monitor/stats code paths, primarily by bounding string handling and fixing off-by-one / bounds checks.

Changes:

  • Add bounded helpers in wifi_encoder.c to avoid unbounded strlen()/string reads on fixed-size char arrays and harden ChannelAvailability string building.
  • Harden decoders/monitors with safer copies (snprintf), index bounds checks, and corrected comparisons (>= vs >).
  • Adjust WiFi API radio subdoc decode initialization behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
source/webconfig/wifi_webconfig_wifiapi_radio.c Alters decoded-params initialization during wifiapi radio subdoc decode.
source/webconfig/wifi_encoder.c Introduces bounded string helpers; tightens buffer building; adds NULL checks; updates multiple JSON string encodes.
source/webconfig/wifi_decoder.c Avoids writing into cJSON-owned buffers, adds bounds checks, and replaces unsafe strcpy with snprintf in several decodes.
source/stats/wifi_stats_radio_temperature.c Fixes radio index upper-bound check (>=).
source/stats/wifi_stats_radio_diagnostics.c Fixes radio index upper-bound check (>=).
source/stats/wifi_stats_radio_channel.c Fixes radio index upper-bound check (>=).
source/stats/wifi_stats_neighbor_report.c Fixes radio index upper-bound check (>=).
source/stats/wifi_monitor.c Adds index bounds check for stats enable array, fixes formatting/copy bounds, and corrects loop upper bound.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread source/webconfig/wifi_webconfig_wifiapi_radio.c
Comment thread source/webconfig/wifi_encoder.c
Comment thread source/webconfig/wifi_encoder.c
Comment thread source/webconfig/wifi_encoder.c
Comment thread source/webconfig/wifi_encoder.c
Comment thread source/webconfig/wifi_decoder.c
Comment thread source/webconfig/wifi_decoder.c
vlad-safonov
vlad-safonov reviewed Jun 3, 2026
View reviewed changes
Comment thread source/webconfig/wifi_decoder.c
@Atchaya-Sivagnanam
Merge branch 'rdkcentral:develop' into fuzzing
fcb1a59
@Atchaya-Sivagnanam
RDKB-64403 Fix memory issue found by libFuzzer
ebc65e1 
Reason for change: Fix memory issue identified through fuzz testing.
Test Procedure: Debug
Priority: P1
Risks: Low
Signed-off-by: Atchaya Sivagnanam Atchaya_Sivagnanam@comcast.com
Copilot AI review requested due to automatic review settings June 4, 2026 07:24
Copilot AI reviewed Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Comment thread source/webconfig/wifi_encoder.c
Comment thread source/stats/wifi_monitor.c
Comment on lines +1367 to 1370
for(UINT apIndex = 0; apIndex < getTotalNumberVAPs(); apIndex++)
{
UINT vap_index = VAP_INDEX(mgr->hal_cap, apIndex);
UINT radio = RADIO_INDEX(mgr->hal_cap, apIndex);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@vlad-safonov vlad-safonov vlad-safonov left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Atchaya-Sivagnanam @vlad-safonov