Skip to content

drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame #92992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 25, 2025
Merged

drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame #92992

merged 1 commit into from
Jul 25, 2025
+8 −2

Conversation

sudarsan-22
Copy link
Contributor

Fix Coverity issue CID 363738 (CWE-120): A potential buffer overflow could occur in fcx_mldx5_uart_send() due to unchecked memcpy() when copying command data into a fixed-size frame buffer.

This patch ensures that the length of the data being copied validated against the remaining buffer size to prevent overruns. Also replaces a redundant strlen() call with the precomputed cmd_data_len.

Fixes: #92634

@github-actions github-actions bot added the area: Sensors Sensors label Jul 11, 2025
jeppenodgaard
jeppenodgaard requested changes Jul 11, 2025
View reviewed changes
Copy link

@jeppenodgaard jeppenodgaard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the 3rd attempt to fix this Coverity issue:

This is the original issue:

In theory overflow can happen if a future PR adds a command with too much data, so checking the length can make sense.

@sudarsan-22
drivers: sensor: fcx_mldx5: Fix potential buffer overflow in UART frame
b522d57 
Fix Coverity issue CID 363738 (CWE-120): A potential buffer overflow could
occur in fcx_mldx5_uart_send() due to unchecked memcpy() when copying
command data into a fixed-size frame buffer.

This patch ensures that the length of the data being copied validated
against the remaining buffer size to prevent overruns. Also replaces a
redundant strlen() call with the precomputed cmd_data_len.

Fixes: zephyrproject-rtos#92634

Signed-off-by: sudarsan N <[email protected]>
@sudarsan-22 sudarsan-22 force-pushed the fix/fcx_mldx5-buffer-overflow-cid363738 branch from a91b6fe to b522d57 Compare July 11, 2025 08:40
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kartben kartben merged commit 7312715 into zephyrproject-rtos:main Jul 25, 2025
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeppenodgaard jeppenodgaard jeppenodgaard approved these changes

@MaureenHelm MaureenHelm MaureenHelm approved these changes

@asemjonovs asemjonovs Awaiting requested review from asemjonovs

@avisconti avisconti Awaiting requested review from avisconti

@teburd teburd Awaiting requested review from teburd

@tristan-google tristan-google Awaiting requested review from tristan-google

@ubieda ubieda Awaiting requested review from ubieda

@yperess yperess Awaiting requested review from yperess

Assignees

@MaureenHelm MaureenHelm

Labels
area: Sensors Sensors
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Coverity CID: 363738] Copy into fixed size buffer in drivers/sensor/fcx_mldx5/fcx_mldx5.c
4 participants
@sudarsan-22 @jeppenodgaard @MaureenHelm @kartben