zwave_api: Harden zwapi_connection.c by checking snprintf

rzr · github-advanced-security[bot] · rzr · commit 8d3f3a96aa0f · 2025-05-27T15:24:40.000+02:00
Checking snprintf results, reminder : If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available This was found using CodeQL: Potential fix for code scanning alert no. 19: Potentially overflowing call to snprintf More refactoring can be done in later change Relate-to: SiliconLabsSoftware#100 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
diff --git a/applications/zpc/components/zwave_api/src/zwapi_connection.c b/applications/zpc/components/zwave_api/src/zwapi_connection.c
@@ -11,6 +11,7 @@
  *
  *****************************************************************************/
 
+#include <assert.h>
 #include <string.h>
 #include "zwapi_connection.h"
 #include "zwapi_serial.h"
@@ -45,19 +46,44 @@ static const char *zwapi_frame_to_string(const uint8_t *buffer,
 {
   static char message[1000] = {'\0'};
   uint16_t index            = 0;
+  int written               = 0;
   for (uint16_t i = 0; i < buffer_length; i++) {
     if (i == 0) {
       // Don't log the SOF byte.
       continue;
     } else if (i == 1) {
-      index += snprintf(message + index, sizeof(message) - index, "Length=");
+      written = snprintf(message + index, sizeof(message) - index, "Length=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
     } else if (i == 2) {
-      index += snprintf(message + index, sizeof(message) - index, "Type=");
+      written = snprintf(message + index, sizeof(message) - index, "Type=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
     } else if (i == 3) {
-      index += snprintf(message + index, sizeof(message) - index, "Cmd=");
+      written = snprintf(message + index, sizeof(message) - index, "Cmd=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
+    }
+    written
+      = snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+    if (written < 0 || written >= sizeof(message) - index) {
+      sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+      assert(false);
+      return NULL;
     }
-    index
-      += snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+    index += written;
   }
   return message;
 }
