You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Category: Memory - corruptions
Function: cf_set_value
Component: Bluetooth
CID: 218737
Details:
493 uint16_t i;
494 uint8_t last_byte = CF_BYTE_LAST;
495 uint8_t last_bit = CF_BIT_LAST;
496
497 /* Validate the bits */
498 for (i = 0U; i < len && i <= last_byte; i++) {
>>> CID 218737: (OVERRUN)
>>> Overrunning array "cfg->data" of 1 bytes at byte offset 2 using index "i" (which evaluates to 2).
499 uint8_t chg_bits = value[i] ^ cfg->data[i];
500 uint8_t bit;
501
502 for (bit = 0U; bit <= last_bit; bit++) {
503 /* A client shall never clear a bit it has set */
504 if ((BIT(bit) & chg_bits) &&
507 }
508 }
509 }
510
511 /* Set the bits for each octect */
512 for (i = 0U; i < len && i < last_byte; i++) {
>>> CID 218737: (OVERRUN)
>>> Overrunning array "cfg->data" of 1 bytes at byte offset 1 using index "i" (which evaluates to 1).
513 cfg->data[i] |= value[i] & (BIT(last_bit + 1) - 1);
514 BT_DBG("byte %u: data 0x%02x value 0x%02x", i, cfg->data[i],
515 value[i]);
516 }
517
518 return true;
498 for (i = 0U; i < len && i <= last_byte; i++) {
499 uint8_t chg_bits = value[i] ^ cfg->data[i];
500 uint8_t bit;
501
502 for (bit = 0U; bit <= last_bit; bit++) {
503 /* A client shall never clear a bit it has set */
>>> CID 218737: (OVERRUN)
>>> Overrunning array "cfg->data" of 1 bytes at byte offset 2 using index "i" (which evaluates to 2).
504 if ((BIT(bit) & chg_bits) &&
505 (BIT(bit) & cfg->data[i])) {
506 return false;
507 }
508 }
509 }
Please fix or provide comments in coverity using the link:
Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
The text was updated successfully, but these errors were encountered:
Static code scan issues found in file:
https:/zephyrproject-rtos/zephyr/tree/fe7c2efca800a0cf1bccf23aefe08b3c4beb88bf/subsys/bluetooth/host/gatt.c#L504
Category: Memory - corruptions
Function:
cf_set_value
Component: Bluetooth
CID: 218737
Details:
Please fix or provide comments in coverity using the link:
https://scan9.coverity.com/reports.htm#v32951/p12996.
Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
The text was updated successfully, but these errors were encountered: