Skip to content

Coverity fixes#562

Open
embhorn wants to merge 1 commit into
wolfSSL:masterfrom
embhorn:cov_fixes
Open

Coverity fixes#562
embhorn wants to merge 1 commit into
wolfSSL:masterfrom
embhorn:cov_fixes

Conversation

@embhorn

@embhorn embhorn commented Jul 14, 2026

Copy link
Copy Markdown
Member

Coverity flagged the return values of the network read functions as potentially overflowed. Each returns a byte count derived from a socket read, and the checker models that count as unbounded.

Clamp the returned value to the requested length on the success path, right before it is returned:

  • MqttPacket_Read: reject a socket read that exceeds remain_read.
  • MqttSocket_Read: clamp rc to buf_len.
  • NetRead_ex and the FreeRTOS NetRead variant: clamp rc to buf_len.

These bounds are already guaranteed by the read logic; the explicit clamps make them local to each return so the analysis can prove no overflow occurs.

Copilot AI review requested due to automatic review settings July 14, 2026 21:42
@embhorn embhorn self-assigned this Jul 14, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses Coverity findings around potentially unbounded return values from network read functions by adding explicit bounds checks/clamps so return values cannot exceed the requested read length.

Changes:

  • Clamp MqttSocket_Read’s returned byte count to buf_len on the success path.
  • In MqttPacket_Read, reject socket reads that return more bytes than requested (remain_read).
  • Clamp the example network read implementations’ returned byte count to buf_len.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/mqtt_socket.c Adds a final success-path clamp to keep MqttSocket_Read’s return value bounded by the requested length.
src/mqtt_packet.c Adds a defensive check that rejects oversized socket reads before using the result.
examples/mqttnet.c Adds success-path clamps to example NetRead/NetRead_ex return values for static-analysis friendliness.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread examples/mqttnet.c
Comment on lines 174 to 180
else {
rc = bytes;
/* Clamp to requested length so the return value cannot overflow */
if (rc > buf_len) {
rc = buf_len;
}
}

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #562

Scan targets checked: wolfmqtt-bugs, wolfmqtt-src

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants