add checks for pOtaBuffer to be non_null #402
Conversation
| } | ||
| else | ||
| { | ||
| LogError( ( "Error: Thing name is too long.\r\n" ) ); | ||
| uint32_t strLength = ( uint32_t ) ( strlen( ( const char * ) pThingName ) ); |
There was a problem hiding this comment.
The signature of this function should be updated from:
OtaErr_t OTA_Init( OtaAppBuffer_t * pOtaBuffer,
const OtaInterfaces_t * pOtaInterfaces,
const uint8_t * pThingName,
OtaAppCallback_t OtaAppCallback )
to
OtaErr_t OTA_Init( OtaAppBuffer_t * pOtaBuffer,
const OtaInterfaces_t * pOtaInterfaces,
const char * pThingName,
OtaAppCallback_t OtaAppCallback )
if pThingName is indeed a null-terminated string.
| LogError( ( "Error: Thing name is too long.\r\n" ) ); | ||
| uint32_t strLength = ( uint32_t ) ( strlen( ( const char * ) pThingName ) ); | ||
|
|
||
| if( strLength <= otaconfigMAX_THINGNAME_LEN ) |
There was a problem hiding this comment.
This could be simplified to
if( strnlen( pThingName, otaconfigMAX_THINGNAME_LEN + 1 ) <= otaconfigMAX_THINGNAME_LEN )
{
(void) strncpy( otaAgent.pThingName, pThingName, otaconfigMAX_THINGNAME_LEN );
}
else
{
LogError("...");
returnStatus = xxx;
}
| } | ||
| else | ||
| { | ||
| LogError( ( "Error: Thing name is too long.\r\n" ) ); |
There was a problem hiding this comment.
Shouldn't returnStatus be set to a particular value here?
There was a problem hiding this comment.
| LogError( ( "Error: Thing name is too long.\r\n" ) ); | |
| LogError( ( "Error: Thing name is too long." ) ); |
| */ | ||
| ( void ) memcpy( otaAgent.pThingName, pThingName, strLength + 1UL ); | ||
| returnStatus = OtaErrNone; | ||
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); |
There was a problem hiding this comment.
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); | |
| LogError( ( "Error: Thing name is NULL." ) ); | |
| returnStatus = OtaErrInvalidArg; |
LogError messages don't include an \r\n in the rest of this file.
| { | ||
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); | ||
| LogError( ( "Error: pOtaBuffer is NULL.\r\n" ) ); |
There was a problem hiding this comment.
| LogError( ( "Error: pOtaBuffer is NULL.\r\n" ) ); | |
| LogError( ( "Error: pOtaBuffer is NULL." ) ); |
| { | ||
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); | ||
| LogError( ( "Error: pOtaBuffer is NULL.\r\n" ) ); | ||
| } |
There was a problem hiding this comment.
| } | |
| returnStatus = OtaErrInvalidArg; | |
| } |
| { | ||
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); | ||
| LogError( ( "Error: pOtaBuffer is NULL.\r\n" ) ); | ||
| } | ||
| else |
There was a problem hiding this comment.
| else | |
| if( returnStatus == OtaErrNone ) |
| { | ||
| OtaAppBuffer_t * otaAppBuffer = NULL; | ||
|
|
||
| OTA_Init( otaAppBuffer, |
There was a problem hiding this comment.
Return value of OTA_Init should be checked ( Should be OtaErrInvalidArg right? ).
There was a problem hiding this comment.
Based on the current implementation of the function OTA_Init only returns two values. If there are no errors during the initialization of the agent then it returns OtaErrNone and OtaErrUninitialized otherwise.
| */ | ||
| ( void ) memcpy( otaAgent.pThingName, pThingName, strLength + 1UL ); | ||
| returnStatus = OtaErrNone; | ||
| LogError( ( "Error: Thing name is NULL.\r\n" ) ); | ||
| } | ||
| else |
There was a problem hiding this comment.
This could be turned into an if / else if / else set of statements to improve readability.
| @@ -3094,9 +3094,6 @@ OtaErr_t OTA_Init( OtaAppBuffer_t * pOtaBuffer, | |||
| */ | |||
| otaAgent.pOtaInterface = pOtaInterfaces; | |||
There was a problem hiding this comment.
Is pOtaInterfaces allowed to be null?
There was a problem hiding this comment.
Yes, pOtaInterfaces can be NULL. There is a conditional statement in OTA_EventProcessingTask function which checks if the pOtaInterfaces are NULL, if they are then the OTA agent would throws an error.
There was a problem hiding this comment.
Why not return an error if the parameter is invalid?
| @@ -3094,9 +3094,6 @@ OtaErr_t OTA_Init( OtaAppBuffer_t * pOtaBuffer, | |||
| */ | |||
| otaAgent.pOtaInterface = pOtaInterfaces; | |||
|
|
|||
| /* Initialize application buffers. */ | |||
| initializeAppBuffers( pOtaBuffer ); | |||
|
|
|||
| /* Initialize local buffers. */ | |||
| initializeLocalBuffers(); | |||
|
|
|||
There was a problem hiding this comment.
is OtaAppCallback allowed to be NULL?
OTA_Initis a public function and a user can pass NULL value topOtaBufferwhich can result inNULLpointer de-referencing ininitializeAppBuffersfunction.Description
This PR adds checks such that if NULL value is passed to pOtaBuffer then the otaAgent would not run and display error in the logs indicating the
NULLpointer in pOtaBuffer.Checklist:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.