Copilot AI commented Nov 6, 2025

Description

Fixes three memory corruption vulnerabilities in the instrumentation subsystem:

1. Missing null-termination after strncpy operations

save_context() copies thread names using k_thread_name_copy() (which internally uses strncpy) and direct strncpy() calls without ensuring null termination. When thread names equal or exceed CONFIG_THREAD_MAX_NAME_LEN, the buffer lacks a null terminator, causing undefined behavior on subsequent reads.

Fix: Explicit null termination after both copy operations.

2. Integer underflow in call depth tracking

pop_callee_timestamp() unconditionally decrements the uint16_t call_depth field. Spurious or unbalanced function exits cause underflow (0 → 65535), corrupting profiling state and breaking depth tracking logic.

Fix: Guard decrement with zero check, increment unbalanced counter for diagnostics.

3. Ring buffer size mismatch

Ring buffer initialized with sizeof(instr_buffer) = CONFIG_SIZE + 1 instead of configured size. Users requesting N bytes receive N+1, wasting memory and violating configuration contract.

Fix: Initialize with CONFIG_INSTRUMENTATION_MODE_CALLGRAPH_TRACE_BUFFER_SIZE directly.

Testing

No existing tests cover this subsystem. Validation performed through code review and static analysis.

Documentation

No documentation changes required.

Installation

No installer impact.

Original prompt

identify and fix memory corruption issues in instrumentation subsystem
look thoroughly, there may be more than one



Copilot AI changed the title from "[WIP] Identify and fix memory corruption issues in instrumentation subsystem" to "Fix memory corruption vulnerabilities in instrumentation subsystem" on Nov 6, 2025
Copilot AI requested a review from kartben November 6, 2025 21:40