Hi, I've ran some static code analysis on the project and noticed the following code snippet in examples/oterm/oterm_handler.c:263:
const char random_chars[] = "0123456789abcdef-";
for (i = 0; i < sizeof(oterm->uuid) - 1; i++) {
oterm->uuid[i] = random_chars[rand() % sizeof(random_chars)];
}
oterm->uuid is defined as char uuid[37];. Because we are using rand() % sizeof(random_chars) instead of rand() % strlen(random_chars), that would mean the code can also get the '\0' character from the end of the random_chars C-string. Wouldn't that effectively mean that the oterm->uuid C-string can have less than 36 characters (because there would be a '\0' in the middle) ?
No, its not the intended behaviour, it should be a sizeof()-1 (better than strlen, as its guaranteed to be be known at compile time). Can you make a pull request with the change?
Hi, I've ran some static code analysis on the project and noticed the following code snippet in
examples/oterm/oterm_handler.c:263
:oterm->uuid
is defined aschar uuid[37];
. Because we are usingrand() % sizeof(random_chars)
instead ofrand() % strlen(random_chars)
, that would mean the code can also get the'\0'
character from the end of therandom_chars
C-string. Wouldn't that effectively mean that theoterm->uuid
C-string can have less than 36 characters (because there would be a'\0'
in the middle) ?Is this the intended behaviour?