pkg/paho-mqtt: fix memory corruption #17503

Merged 1 commit on Jan 13, 2022

maribu (Member) commented Jan 11, 2022

Contribution description

This fixes instances where a pointer to an enum (possibly sized one byte) is cast to a pointer to int (which is at least two and in most cases four bytes in size). As a result, out-of-bounds memory accesses are bound to happen.

This was detected by GCC 11.2.0 with -Wstringop-overflow.

Testing procedure

Green Murdock & pkg should still work as before

Issues/PRs references

Found in #17004
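
The bug class described in this PR, shown as an added example (not code from RIOT or paho.mqtt.embedded-c): a one-byte enum handed to an `int *` out-parameter through a cast, next to one way of avoiding the overflow with a temporary `int`. `decode_qos`, `enum qos` and `struct msg` are hypothetical names, and the enum is forced to one byte with the packed attribute.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed one-byte enum (packed attribute, GCC/Clang; cf. -fshort-enums). */
enum __attribute__((packed)) qos { QOS0, QOS1, QOS2 };

/* Hypothetical library call: stores sizeof(int) bytes through `out`. */
static void decode_qos(int *out, unsigned char wire) { *out = wire & 0x03; }

struct msg {
    enum qos qos;                          /* 1 byte */
    unsigned char neighbours[sizeof(int)]; /* whatever follows in memory */
};

static size_t neighbours_changed(const struct msg *m)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof m->neighbours; i++)
        n += (m->neighbours[i] != 0xAA);   /* 0xAA is the fill pattern */
    return n;
}

/* Buggy pattern, decode_qos((int *)&m.qos, wire): the int-sized store is
 * modelled with memcpy so that the demonstration itself stays defined. */
size_t clobbered_by_cast(unsigned char wire)
{
    struct msg m;
    int v;
    memset(&m, 0xAA, sizeof m);
    decode_qos(&v, wire);
    memcpy((unsigned char *)&m + offsetof(struct msg, qos), &v, sizeof v);
    return neighbours_changed(&m);
}

/* Fix: decode into a real int, then assign it to the enum. */
size_t clobbered_by_fix(unsigned char wire)
{
    struct msg m;
    int v;
    memset(&m, 0xAA, sizeof m);
    decode_qos(&v, wire);
    m.qos = (enum qos)v;
    return neighbours_changed(&m);
}

int main(void)
{
    printf("cast: %zu, fix: %zu\n", clobbered_by_cast(1), clobbered_by_fix(1));
}
```

The bytes written past the enum are the difference between `sizeof(int)` and the enum's size, which is why the same cast is harmless on toolchains where enums are `int`-sized and corrupts memory where they are not.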

github-actions bot added the "Area: network" and "Area: pkg" labels on Jan 11, 2022
maribu added the "CI: ready for build" and "Type: bug" labels and removed the "Area: network" label on Jan 11, 2022

maribu (Member, Author) commented Jan 11, 2022

Reported issue upstream: eclipse/paho.mqtt.embedded-c#233

Maybe upstream acts so promptly that we could just bump the version instead.

maribu merged commit c238c43 into RIOT-OS:master on Jan 13, 2022
maribu deleted the pkg/paho-mqtt branch on January 13, 2022 11:50
fjmolinas added this to the Release 2022.01 milestone on Jan 21, 2022