mqtt.cpp createFullTopicStr() #6

Closed
WSchimi opened this issue Nov 22, 2021 · 2 comments

WSchimi commented Nov 22, 2021

Hi Pina,

mqtt.cpp line 78: *(fullTopicStr + topicLen+1) = 0; // <-- the 0 is OUT OF ALLOCATED MEMORY!
see allocation at line 74: char* fullTopicStr = (char*) calloc(topicLen+1, sizeof(char));

proposal for line 78: fullTopicStr[topicLen] = '\0';

Best regards
Walter

pinae added a commit that referenced this issue Nov 26, 2021
This is a really good suggestion from @WSchimi in #6 
Thanks!

pinae commented Nov 26, 2021

I accepted your suggestion. Thank you for the help!

@pinae pinae closed this as completed Nov 26, 2021

WSchimi commented Nov 27, 2021

Hi Pina,

mqtt.cpp line 78: *(fullTopicStr + topicLen+1) = 0; // <-- the 0 is OUT OF ALLOCATED MEMORY! see allocation at line 74: char* fullTopicStr = (char*) calloc(topicLen+1, sizeof(char));

proposal for line 78: fullTopicStr[topicLen] = '\0';

Best regards Walter

Hi Pina,
the ERROR IS NOT FIXED!
The code "(fullTopicStr + topicLen+1) = " writes 1 Byte behind the allocated memory!
Allocation code: "char* fullTopicStr = (char*) calloc(topicLen+1, sizeof(char));"
The management data of the pool or other important data may already be stored there.

Example: topicLen = 20:
-> 21 Bytes are allocated (from Byte *(fullTopicStr+0) till *(fullTopicStr+20) or *(fullTopicStr + topicLen))
-> "(fullTopicStr + topicLen+1) = '\0' writes at Byte 21 behind memory at pointer *fullTopicStr
-> my proposal for line 78: fullTopicStr[topicLen] = '\0'; or *(fullTopicStr + topicLen) = '\0';

Best regards Walter
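
The index arithmetic discussed in this issue, as an added example that is not the project's own code. `build_full_topic` and `index_in_bounds` are hypothetical names, and joining a prefix and a topic with '/' is an assumption about what such a function does; the sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* An index is writable only if it is strictly below the allocation size. */
static int index_in_bounds(size_t alloc_size, size_t idx) {
    return idx < alloc_size;
}

/* Hypothetical stand-in for createFullTopicStr(): joins prefix and topic
 * with '/' into a fresh heap buffer. Returns NULL on size overflow or
 * allocation failure. The caller frees the result. */
static char *build_full_topic(const char *prefix, const char *topic) {
    size_t preLen = strlen(prefix), subLen = strlen(topic);
    /* Reject lengths whose sum (plus '/' and NUL) would wrap size_t. */
    if (preLen > SIZE_MAX - 2 || subLen > SIZE_MAX - 2 - preLen) return NULL;
    size_t topicLen = preLen + 1 + subLen;      /* characters, without NUL */
    char *fullTopicStr = calloc(topicLen + 1, sizeof(char));
    if (fullTopicStr == NULL) return NULL;
    memcpy(fullTopicStr, prefix, preLen);
    fullTopicStr[preLen] = '/';
    memcpy(fullTopicStr + preLen + 1, topic, subLen);
    /* The last valid index is topicLen. calloc already zeroed that byte;
     * the explicit store documents intent. Index topicLen + 1 would be
     * one byte past the end of the allocation. */
    fullTopicStr[topicLen] = '\0';
    return fullTopicStr;
}

int main(void) {
    size_t topicLen = 20;                       /* the example from the issue */
    size_t allocated = topicLen + 1;            /* 21 bytes, indices 0..20 */
    printf("index %zu in bounds: %d\n", topicLen,
           index_in_bounds(allocated, topicLen));
    printf("index %zu in bounds: %d\n", topicLen + 1,
           index_in_bounds(allocated, topicLen + 1));
    char *s = build_full_topic("home/meter", "power");  /* constructed sample */
    if (s != NULL) {
        puts(s);
        free(s);
    }
    return 0;
}
```

Building the original out-of-bounds store with `-fsanitize=address` would make the one-byte overwrite visible at run time as a heap-buffer-overflow report.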
