[Coverity CID: 240699] Out-of-bounds access in tests/bluetooth/tester/src/l2cap.c #39807

@zephyrbot

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/c0fcd35531611bbe35376c62a9e50744d6904940/tests/bluetooth/tester/src/l2cap.c#L145

Category: Memory - corruptions
Function: reconfigured_cb
Component: Tests
CID: 240699

Details:

(void)memset(&ev, 0, sizeof(struct l2cap_disconnected_ev));

139     
140     static void reconfigured_cb(struct bt_l2cap_chan *l2cap_chan)
141     {
142      struct l2cap_reconfigured_ev ev;
143      struct channel *chan = CONTAINER_OF(l2cap_chan, struct channel, le);
144     
>>>     CID 240699:  Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type l2cap_reconfigured_ev of 9 bytes by passing it to a function which accesses it at byte offset 11 using argument "12U". [Note: The source code implementation of the function has been overridden by a builtin model.]
145      (void)memset(&ev, 0, sizeof(struct l2cap_disconnected_ev));
146     
147      ev.chan_id = chan->chan_id;
148      ev.mtu_remote = sys_cpu_to_le16(chan->le.tx.mtu);
149      ev.mps_remote = sys_cpu_to_le16(chan->le.tx.mps);
150      ev.mtu_local = sys_cpu_to_le16(chan->le.rx.mtu);

For more information about the violation, check the Coverity Reference. (CWE-119)

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v29271/p12996

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

Labels: Coverity, bug, priority: low
