[Coverity CID: 487692] Overflowed array index write in subsys/lorawan/services/clock_sync.c #84720

Open
zephyrbot opened this issue Jan 28, 2025 · 0 comments · May be fixed by #84912
Labels: area: LoRa; bug (The issue is a bug, or the PR is fixing a bug); Coverity (A Coverity detected issue or its fix); priority: high (High impact/importance bug)

Comments

@zephyrbot
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/f0d0264c057255c60e91e422406f47a7b87d8a8a/subsys/lorawan/services/clock_sync.c

Category: Memory - corruptions
Function: clock_sync_package_callback
Component: Other
CID: 487692

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/f0d0264c057255c60e91e422406f47a7b87d8a8a/subsys/lorawan/services/clock_sync.c

Please fix or provide comments in coverity using the link:

https://scan9.scan.coverity.com/#/project-view/29271/12996?selectedIssue=487692

For more information about the violation, check the Coverity Reference. (CWE-190)

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the MAINTAINERS file.

@zephyrbot added the labels area: LoRa, bug, Coverity, priority: high on Jan 28, 2025
JordanYates added a commit to Embeint/zephyr that referenced this issue Jan 30, 2025
Assert that the size provided to `clock_sync_serialize_device_time` is
sufficient, instead of returning an error code. The condition is already
enforced by the calling code, and returning an error code is incorrect
when the return code is unconditionally being used to increment the
buffer offset by callers.

Fixes zephyrproject-rtos#84720.

Signed-off-by: Jordan Yates <[email protected]>