From fac3fd5a99d3d384e8737789bd09ed07a164eabf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Szczygie=C5=82?= Date: Fri, 12 Sep 2025 11:58:54 +0200 Subject: [PATCH 1/4] SonarQube findings resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "volatile" types should not be used in compound operations Issue link: https://sonarcloud.io/project/issues?open=AZWum4f1vizSu0tgQ8GT&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł --- boot/bootutil/include/bootutil/fault_injection_hardening.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/boot/bootutil/include/bootutil/fault_injection_hardening.h b/boot/bootutil/include/bootutil/fault_injection_hardening.h index fdf01b539..94e7dc70e 100644 --- a/boot/bootutil/include/bootutil/fault_injection_hardening.h +++ b/boot/bootutil/include/bootutil/fault_injection_hardening.h @@ -160,7 +160,9 @@ int fih_delay(void) delay = fih_delay_random_uchar(); - for (volatile int i = 0; i < delay; i++) { + for (volatile int i = 0; i < delay;) { + int tmp = i; + i = tmp + 1; foo++; } From 13899cfb733bd49e8ffe82f376100716f1dcc18d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Szczygie=C5=82?= Date: Fri, 12 Sep 2025 13:50:49 +0200 Subject: [PATCH 2/4] SonarQube findings resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Accessing sequence elements should not trigger an IndexError. Issue link: https://sonarcloud.io/project/issues?open=AZedPVgw78lmM2RicPGW&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł --- scripts/imgtool/boot_record.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/imgtool/boot_record.py b/scripts/imgtool/boot_record.py index fb98b2eab..81efca51f 100644 --- a/scripts/imgtool/boot_record.py +++ b/scripts/imgtool/boot_record.py 
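Review bot: The split increment in `fih_delay()` in fault_injection_hardening.h (`int tmp = i; i = tmp + 1;`) has no comment explaining why it is written this way. In a fault-injection delay loop that matters, because the volatile read and write of `i` are what keep the compiler from collapsing the loop, and a later tidy-up back to a plain counter would silently weaken the countermeasure. I would add above the loop `/* i stays volatile so the delay loop is not optimized away; the increment is split into a read and a write to avoid a compound operation on a volatile. */`. With the increment clause now empty, a `while (i < delay)` loop would read more naturally than a `for` with a hidden step. The declaration of `foo` and the rest of the function are outside the hunk, so whether `foo++` on its own would survive optimization cannot be judged here.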
@@ -47,6 +47,8 @@ def create_sw_component_data(sw_type, sw_version, sw_measurement_description, # Note: The measurement value must be the last item of the property # list because later it will be modified by the bootloader. - last_key = list(properties.keys())[-1] + keys = list(properties.keys()) + assert len(keys) > 0 + last_key = keys[-1] assert SwComponent.MEASUREMENT_VALUE == last_key, 'Measurement value is not the last item of the property list' return dumps(properties) From 8b6b2dc80a9848d32a26a957db03d20170eaa412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Szczygie=C5=82?= Date: Fri, 12 Sep 2025 13:53:20 +0200 Subject: [PATCH 3/4] SonarQube findings resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Identical sub-expressions on both sides of operator "||". Issue link: https://sonarcloud.io/project/issues?open=AZWum43evizSu0tgQ8Kq&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł --- boot/zcbor/src/zcbor_decode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zcbor/src/zcbor_decode.c b/boot/zcbor/src/zcbor_decode.c index 841c34171..29da902a0 100644 --- a/boot/zcbor/src/zcbor_decode.c +++ b/boot/zcbor/src/zcbor_decode.c @@ -926,7 +926,7 @@ bool zcbor_unordered_map_search(zcbor_decoder_t key_decoder, zcbor_state_t *stat } /* Skip over both the key and the value. */ - if (!zcbor_any_skip(state, NULL) || !zcbor_any_skip(state, NULL)) { + if (!zcbor_any_skip(state, NULL)) { goto error; } } while (state->elem_count != elem_count); From b0f9777e1cb737e5af474988cb2736e976947d09 Mon Sep 17 00:00:00 2001 
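Review bot: The new emptiness guard in `create_sw_component_data()` in boot_record.py (`assert len(keys) > 0`) and the ordering check after it are both `assert` statements, which Python removes when imgtool runs with `-O` or `PYTHONOPTIMIZE` set. In that mode an empty `properties` raises the same IndexError again, and a misplaced measurement value is serialized without complaint. The comment says the bootloader later modifies the last item, so this is an integrity check on the boot record and should be an explicit raise: `if not keys or keys[-1] != SwComponent.MEASUREMENT_VALUE:` followed by `raise ValueError('Measurement value is not the last item of the property list')`. Confirm that no caller catches AssertionError before changing the exception type. The function body starts outside the hunk, so how `properties` is built is not visible here.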
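Review bot: In `zcbor_unordered_map_search()` in zcbor_decode.c, dropping the second `zcbor_any_skip(state, NULL)` looks like a behaviour change rather than a cleanup. The retained comment says "Skip over both the key and the value", and the two calls were not redundant because each one presumably consumes one element from `state`. With a single call the loop would advance past the key only, so the next iteration would run `key_decoder` on what is actually a value, and the decoder would lose key/value alignment on CBOR input that may be untrusted. The analyzer finding is a false positive for side-effecting calls; I would keep both skips as two statements, `if (!zcbor_any_skip(state, NULL)) { goto error; }` once for the key and once for the value, each with a short comment. The loop starts outside the hunk, so this should be confirmed against the full function and covered by a map-search test with more than one entry.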
From: =?UTF-8?q?Adam=20Szczygie=C5=82?= Date: Fri, 12 Sep 2025 14:01:39 +0200 Subject: [PATCH 4/4] SonarQube findings resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Access of 'unsigned char' element in 'buf' at an overflowing index Issue link: https://sonarcloud.io/project/issues?open=AZWum4_vvizSu0tgQ8Mw&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł --- boot/boot_serial/src/boot_serial_encryption.c | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c index 60ad587cb..261d4383f 100644 --- a/boot/boot_serial/src/boot_serial_encryption.c +++ b/boot/boot_serial/src/boot_serial_encryption.c @@ -182,6 +182,7 @@ decrypt_region_inplace(struct boot_loader_state *state, blk_sz = tlv_off - (off + bytes_copied); } } + assert(idx < sz); boot_enc_decrypt(BOOT_CURR_ENC(state), slot, (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz, blk_off, &buf[idx]);
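Review bot: The added `assert(idx < sz);` in `decrypt_region_inplace()` is the only bound on `&buf[idx]`, and it disappears in any build where assertions are compiled out (for example with NDEBUG); where it stays enabled, its failure behaviour depends on how the platform defines assert. It also checks only the start index, while `boot_enc_decrypt()` is handed `blk_sz` bytes starting at `&buf[idx]`, so the end of the range is not covered. I would replace it with a runtime check that takes the function's existing error path, `if (idx >= sz || blk_sz > sz - idx)`, assuming these are unsigned sizes. The declarations of `idx`, `sz` and `blk_sz` and the function's return convention are outside the hunk, so the exact types and error value need to be confirmed there.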