Coverity fixes#562
Open
embhorn wants to merge 1 commit into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses Coverity findings around potentially unbounded return values from network read functions by adding explicit bounds checks/clamps so return values cannot exceed the requested read length.
Changes:
- Clamp
MqttSocket_Read’s returned byte count tobuf_lenon the success path. - In
MqttPacket_Read, reject socket reads that return more bytes than requested (remain_read). - Clamp the example network read implementations’ returned byte count to
buf_len.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/mqtt_socket.c | Adds a final success-path clamp to keep MqttSocket_Read’s return value bounded by the requested length. |
| src/mqtt_packet.c | Adds a defensive check that rejects oversized socket reads before using the result. |
| examples/mqttnet.c | Adds success-path clamps to example NetRead/NetRead_ex return values for static-analysis friendliness. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
174
to
180
| else { | ||
| rc = bytes; | ||
| /* Clamp to requested length so the return value cannot overflow */ | ||
| if (rc > buf_len) { | ||
| rc = buf_len; | ||
| } | ||
| } |
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #562
Scan targets checked: wolfmqtt-bugs, wolfmqtt-src
No new issues found in the changed files. ✅
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Coverity flagged the return values of the network read functions as potentially overflowed. Each returns a byte count derived from a socket read, and the checker models that count as unbounded.
Clamp the returned value to the requested length on the success path, right before it is returned:
These bounds are already guaranteed by the read logic; the explicit clamps make them local to each return so the analysis can prove no overflow occurs.