Skip to content

[Coverity CID :197460]Integer handling issues in /samples/bluetooth/ipsp/src/main.c #14955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
aasthagr opened this issue Mar 27, 2019 · 0 comments
Closed

[Coverity CID :197460]Integer handling issues in /samples/bluetooth/ipsp/src/main.c #14955

aasthagr opened this issue Mar 27, 2019 · 0 comments
Assignees
@tbursztyka @Vudentz
Labels
area: Bluetooth area: Samples Samples bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Milestone
v1.14.0

Comments

@aasthagr
Copy link
Collaborator

Static code scan issues seen in File: /samples/bluetooth/ipsp/src/main.c
Category: Integer handling issues
Function: tcp_received
Component: Samples
CID: 197460
Please fix or provide comments to square it off in coverity in the link: https://scan9.coverity.com/reports.htm#v32951/p12996
@aasthagr aasthagr added area: Samples Samples bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix labels Mar 27, 2019
@galak galak added area: Bluetooth priority: low Low impact/importance bug and removed area: Bluetooth labels Mar 27, 2019
@galak galak added this to the v1.14.0 milestone Mar 27, 2019
@jhedberg jhedberg assigned tbursztyka and Vudentz and unassigned jhedberg and carlescufi Mar 27, 2019
@jhedberg jhedberg mentioned this issue Mar 29, 2019
Merged
Vudentz added a commit to Vudentz/zephyr that referenced this issue Mar 29, 2019
@Vudentz
Bluetooth: ipsp: Fix not checking return of build_reply
9012799 
net_pkt_sendto uses size_t as parameter for len so the value would be
treat as unsigned which may cause and invalid memory to be read.

Fixes zephyrproject-rtos#14950 zephyrproject-rtos#14955

Signed-off-by: Luiz Augusto von Dentz <[email protected]>
jhedberg pushed a commit that referenced this issue Mar 29, 2019
@Vudentz @jhedberg
Bluetooth: ipsp: Fix not checking return of build_reply
58baad7 
net_pkt_sendto uses size_t as parameter for len so the value would be
treat as unsigned which may cause and invalid memory to be read.

Fixes #14950 #14955

Signed-off-by: Luiz Augusto von Dentz <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tbursztyka tbursztyka

@Vudentz Vudentz

Labels
area: Bluetooth area: Samples Samples bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug
Projects
None yet
Milestone
v1.14.0
Development

No branches or pull requests
6 participants
@jhedberg @tbursztyka @Vudentz @carlescufi @galak @aasthagr