New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

内存边界不为0,使用strlen读取长度不正确 #33

Open

ZHANGHSING opened this issue Jun 1, 2019 · 1 comment

ZHANGHSING commented Jun 1, 2019 •

edited by aozima

Loading

onenet_mqtt.c - L: 404

   *out_buff = ONENET_MALLOC(strlen(msg_str) + 3);
    if (!(*out_buff))
    {
        LOG_E("ONENET mqtt upload string data failed! No memory for send buffer!");
        return -RT_ENOMEM;
    }

    strncpy(&(*out_buff)[3], msg_str, strlen(msg_str));
    *length = strlen(&(*out_buff)[3]);

*length 如此使用strlen存在很大隐藏风险

HongWLiu commented May 26, 2021

软件包貌似一直没有更新，看来要学习下怎么提交PR。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment