A possible buffer overflow in I2C equestFrom()? #813

New issue

Closed

#872

Closed

A possible buffer overflow in I2C equestFrom()?#813

#872

Assignees

Labels

bugSomething isn't working

Description

zapta

opened

on Dec 28, 2023

The relevant code is in the link below. The buffer size is 256 but the the method accepts a size_t len. What happens if len is greater than 256?

https://github.com/arduino/ArduinoCore-mbed/blob/main/libraries/Wire/Wire.cpp#L94

size_tarduino::MbedI2C::requestFrom(uint8_t address,size_t len,bool stopBit) {char buf[256];int ret = master->read(address <<1, buf, len, !stopBit);if (ret !=0) {return0;}for (size_t i=0; i<len; i++) {rxBuffer.store_char(buf[i]);}return len;}

Metadata

Assignees

iabdalkader

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

A possible buffer overflow in I2C equestFrom()? #813

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions