IoTHubDeviceClient_LL_UploadMultipleBlocksToBlob() segfaults.

[ASeidelt]

SDK Version (Please Give Commit SHA if Manually Compiling)

Version LTS_08_2023 aka 1.11.0

Describe the Bug

When running/compiling Azure IoT C SDK on an embedded system with newlib as C library, calling IoTHubDeviceClient_LL_UploadMultipleBlocksToBlob() segfaults.

The reason could be traced to the following locations:

When formatting the response in line https://github.com/Azure/azure-iot-sdk-c/blob/97fef570416467598100b782ef27ceadad9ca796/iothub_client/src/iothub_client_ll_uploadtoblob.c#L1060 STRING_construct_sprintf() is called with responseMessage == NULL.

Passing NULL to printf() is undefined behavior.

This is because https://github.com/Azure/azure-iot-sdk-c/blob/97fef570416467598100b782ef27ceadad9ca796/iothub_client/src/iothub_client_core_ll.c#L2909 passes NULL as the last parameter.

Suggested fix:

Either pass a meaningful message (uploadSucceeded ? "HTTP success" : "HTTP failure") or an empty string ("").

[ewertons]

@ASeidelt , this is an excellent bug description! Thank you. The fix is to use the following:

        STRING_HANDLE response = STRING_construct_sprintf(RESPONSE_BODY_FORMAT,
                                                    uploadCorrelationId,
                                                    isSuccess ? RESPONSE_BODY_SUCCESS_BOOLEAN_STRING : RESPONSE_BODY_ERROR_BOOLEAN_STRING,
                                                    responseCode,
                                                    responseMessage != NULL ? responseMessage : EMPTY_STRING);

A PR will be out soon with the fix.

[ewertons]

Fixed. Thank you @ASeidelt .

[ASeidelt]

Thanks for the fast response/fix.

Will this also be fixed in the LTS_08_2023 branch? Will there be a V1.11.1?

[ericwolz]

This fix will be in the next LTS release later this month.