Skip to content

drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame #92992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 25, 2025
Merged

drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame #92992

merged 1 commit into from
Jul 25, 2025

Conversation

@sudarsan-22
Copy link
Contributor

@sudarsan-22 sudarsan-22 commented Jul 11, 2025

Fix Coverity issue CID 363738 (CWE-120): A potential buffer overflow could occur in fcx_mldx5_uart_send() due to unchecked memcpy() when copying command data into a fixed-size frame buffer.

This patch ensures that the length of the data being copied validated against the remaining buffer size to prevent overruns. Also replaces a redundant strlen() call with the precomputed cmd_data_len.

Fixes: #92634

@github-actions github-actions bot added the area: Sensors Sensors label Jul 11, 2025
jeppenodgaard
jeppenodgaard requested changes Jul 11, 2025
View reviewed changes
Copy link

@jeppenodgaard jeppenodgaard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the 3rd attempt to fix this Coverity issue:

This is the original issue:

In theory overflow can happen if a future PR adds a command with too much data, so checking the length can make sense.

@sudarsan-22
drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame
b522d57 
Fix Coverity issue CID 363738 (CWE-120): A potential buffer overflow could
occur in fcx_mldx5_uart_send() due to unchecked memcpy() when copying
command data into a fixed-size frame buffer.

This patch ensures that the length of the data being copied validated
against the remaining buffer size to prevent overruns. Also replaces a
redundant strlen() call with the precomputed cmd_data_len.

Fixes: zephyrproject-rtos#92634

Signed-off-by: sudarsan N <[email protected]>
@sudarsan-22 sudarsan-22 force-pushed the fix/fcx_mldx5-buffer-overflow-cid363738 branch from a91b6fe to b522d57 Compare July 11, 2025 08:40
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 11, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kartben kartben merged commit 7312715 into zephyrproject-rtos:main Jul 25, 2025
25 checks passed
@sudarsan-22 sudarsan-22 deleted the fix/fcx_mldx5-buffer-overflow-cid363738 branch August 1, 2025 12:18
JarmouniA

This comment was marked as off-topic.

Sign in to view

@kartben
Copy link
Contributor

kartben commented Aug 8, 2025

@kartben @jeppenodgaard @MaureenHelm PR should be reverted, author Signed-off-by is missing complete last name
https://docs.zephyrproject.org/latest/contribute/guidelines.html#dco-sign-off

It is my understanding that it's a common practice in some regions in India that the full name is only single letter(s) so I don't really see an issue here. Don't forget that Zephyr is a global community :)

@sudarsan-22
Copy link
Contributor Author

sudarsan-22 commented Aug 8, 2025

@kartben @jeppenodgaard @MaureenHelm PR should be reverted, author Signed-off-by is missing complete last name
https://docs.zephyrproject.org/latest/contribute/guidelines.html#dco-sign-off

It is my understanding that it's a common practice in some regions in India that the full name is only single letter(s) so I don't really see an issue here. Don't forget that Zephyr is a global community :)

Thank you for pointing @kartben @JarmouniA .
I'd like to clarify that "Sudarsan N" is my full legal name as per my government-issued documents.
It is a common naming convention in my region (India) to use an initial for the family

@JarmouniA
Copy link
Contributor

JarmouniA commented Aug 8, 2025

@kartben @jeppenodgaard @MaureenHelm PR should be reverted, author Signed-off-by is missing complete last name
https://docs.zephyrproject.org/latest/contribute/guidelines.html#dco-sign-off

It is my understanding that it's a common practice in some regions in India that the full name is only single letter(s) so I don't really see an issue here. Don't forget that Zephyr is a global community :)

Thank you for pointing @kartben @JarmouniA . I'd like to clarify that "Sudarsan N" is my full legal name as per my government-issued documents. It is a common naming convention in my region (India) to use an initial for the family

Okey my mistake then, sorry for the noise.

@sudarsan-22 sudarsan-22 mentioned this pull request Aug 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JarmouniA JarmouniA JarmouniA left review comments

@jeppenodgaard jeppenodgaard jeppenodgaard approved these changes

@MaureenHelm MaureenHelm MaureenHelm approved these changes

@asemjonovs asemjonovs Awaiting requested review from asemjonovs

@avisconti avisconti Awaiting requested review from avisconti

@teburd teburd Awaiting requested review from teburd

@tristan-google tristan-google Awaiting requested review from tristan-google

@ubieda ubieda Awaiting requested review from ubieda

@yperess yperess Awaiting requested review from yperess

Assignees

@MaureenHelm MaureenHelm

Labels

area: Sensors Sensors

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Coverity CID: 363738] Copy into fixed size buffer in drivers/sensor/fcx_mldx5/fcx_mldx5.c

5 participants

@sudarsan-22 @kartben @JarmouniA @jeppenodgaard @MaureenHelm