Fix Klocwork#2051,2060: Array may be outside index

Kevin Moloney · Kevin Moloney · commit afcc4efd16a7 · 2015-11-05T12:33:33.000Z
* Added check to ensure _data_len is within index values. * Had to repeat the branch statement rather than move it because of memcpy. * Fixed bug introduced(c8ecd5f) in WString.h when "len" became protected. Signed-off-by: Kevin Moloney <kevin.moloney@emutex.com>
diff --git a/libraries/CurieBle/src/BleCharacteristic.cpp b/libraries/CurieBle/src/BleCharacteristic.cpp
@@ -165,7 +165,7 @@ BleCharacteristic::_setValue(void)
     if (!_initialised)
         return BLE_STATUS_WRONG_STATE;
 
-    if (_data_len > _char_data.max_len)
+    if ((_data_len > BLE_MAX_ATTR_DATA_LEN) && (_data_len > _char_data.max_len))
         return BLE_STATUS_NOT_ALLOWED;
 
     status = ble_client_gatts_set_attribute_value(_handles.value_handle,
@@ -204,7 +204,7 @@ BleStatus
 BleCharacteristic::setValue(const String &str)
 {
     str.getBytes((unsigned char *)&_data, (unsigned int)_char_data.max_len, 0U);
-    _data_len = str.len + 1;
+    _data_len = str.length() + 1;
     return _setValue();
 }
 
diff --git a/libraries/CurieBle/src/BleDescriptor.cpp b/libraries/CurieBle/src/BleDescriptor.cpp
@@ -70,6 +70,9 @@ BleDescriptor::_setValue(void)
     if (!_initialised)
         return BLE_STATUS_WRONG_STATE;
 
+    if (_desc.length > BLE_MAX_ATTR_DATA_LEN)
+        return BLE_STATUS_NOT_ALLOWED;
+
     return ble_client_gatts_set_attribute_value(_handle, _desc.length, _data, 0);
 }
 
@@ -93,7 +96,7 @@ BleStatus
 BleDescriptor::setValue(const String &str)
 {
     str.getBytes((unsigned char *)&_data, (unsigned int)BLE_MAX_ATTR_DATA_LEN, 0U);
-    _desc.length = str.len + 1;
+    _desc.length = str.length() + 1;
     return _setValue();
 }
 

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ BleCharacteristic::_setValue(void)`
`165`	`165`	`if (!_initialised)`
`166`	`166`	`return BLE_STATUS_WRONG_STATE;`
`167`	`167`
`168`		`- if (_data_len > _char_data.max_len)`
	`168`	`+ if ((_data_len > BLE_MAX_ATTR_DATA_LEN) && (_data_len > _char_data.max_len))`
`169`	`169`	`return BLE_STATUS_NOT_ALLOWED;`
`170`	`170`
`171`	`171`	`status = ble_client_gatts_set_attribute_value(_handles.value_handle,`
`@@ -204,7 +204,7 @@ BleStatus`
`204`	`204`	`BleCharacteristic::setValue(const String &str)`
`205`	`205`	`{`
`206`	`206`	`str.getBytes((unsigned char *)&_data, (unsigned int)_char_data.max_len, 0U);`
`207`		`- _data_len = str.len + 1;`
	`207`	`+ _data_len = str.length() + 1;`
`208`	`208`	`return _setValue();`
`209`	`209`	`}`
`210`	`210`
Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,9 @@ BleDescriptor::_setValue(void)`
`70`	`70`	`if (!_initialised)`
`71`	`71`	`return BLE_STATUS_WRONG_STATE;`
`72`	`72`
	`73`	`+ if (_desc.length > BLE_MAX_ATTR_DATA_LEN)`
	`74`	`+ return BLE_STATUS_NOT_ALLOWED;`
	`75`	`+`
`73`	`76`	`return ble_client_gatts_set_attribute_value(_handle, _desc.length, _data, 0);`
`74`	`77`	`}`
`75`	`78`
`@@ -93,7 +96,7 @@ BleStatus`
`93`	`96`	`BleDescriptor::setValue(const String &str)`
`94`	`97`	`{`
`95`	`98`	`str.getBytes((unsigned char *)&_data, (unsigned int)BLE_MAX_ATTR_DATA_LEN, 0U);`
`96`		`- _desc.length = str.len + 1;`
	`99`	`+ _desc.length = str.length() + 1;`
`97`	`100`	`return _setValue();`
`98`	`101`	`}`
`99`	`102`