ots-m2m / sew-lwm2m-reference-design

A reference implementation of the South East Water LWM2M water meter design
Mozilla Public License 2.0

prv_parseNumber() has integer overflow in result #4

Open mofosyne opened 7 years ago

mofosyne commented 7 years ago

The corrected code is below.

When result is an int, there is an overflow on 16-bit devices. This will need to be pushed upstream to the Wakaama public repo via the standard submission process.

Also should investigate whether uriString[*headP] != '/' is correct. Check whether prv_parseNumber() gets uriString with / as the break char.

static int prv_parseNumber(uint8_t * uriString,
                            size_t uriLength,
                            size_t * headP)
{
    uint32_t result = 0;

    if (uriString[*headP] == '/')
    {
        // empty Object Instance ID with resource ID is not allowed
        return -1;
    }

    while (*headP < uriLength && uriString[*headP] != '/')
    {
        if ('0' <= uriString[*headP] && uriString[*headP] <= '9')
        {
            result += uriString[*headP] - '0';
            result *= 10;
        }
        else
        {
            return -1;
        }
        *headP += 1;
    }

    result /= 10;
    return result;
}
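
An added example, not code from this issue or from the project: a variant of the parser above that checks the accumulator against a bound after every digit and returns a fixed-width int32_t, so the result does not depend on how wide int is on the target. The name parse_uri_number, the MAX_ID bound of 65535, and the rejection of a head index at or past uriLength are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed bound: LwM2M IDs are 16-bit. The name MAX_ID is hypothetical. */
#define MAX_ID 65535UL

/* Hypothetical variant of prv_parseNumber(), not the project's code.
 * Returns 0..MAX_ID, or -1 on empty segment, non-digit or out-of-range.
 * int32_t holds the full range even where int is 16 bits wide. */
static int32_t parse_uri_number(const uint8_t *uriString,
                                size_t uriLength, size_t *headP)
{
    uint32_t result = 0;

    /* Empty segment, or head already past the end of the buffer. */
    if (*headP >= uriLength || uriString[*headP] == '/')
        return -1;

    while (*headP < uriLength && uriString[*headP] != '/')
    {
        uint8_t c = uriString[*headP];

        if (c < '0' || c > '9')
            return -1;
        /* result <= MAX_ID here, so result * 10 + 9 cannot wrap 32 bits. */
        result = result * 10 + (uint32_t)(c - '0');
        if (result > MAX_ID)
            return -1; /* fail instead of silently truncating */
        *headP += 1;
    }
    return (int32_t)result;
}

int main(void)
{
    const uint8_t uri[] = "65536/0"; /* constructed sample input */
    size_t head = 0;
    /* 65536 exceeds MAX_ID, so the parser must report -1. */
    return parse_uri_number(uri, sizeof uri - 1, &head) == -1 ? 0 : 1;
}
```
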

mofosyne commented 7 years ago

Close this issue once the fix has been pushed to the Wakaama repo.