buffer overflow hazards #38

@petesoper

This current code allows MAX_VALUES + 1 data sets to be copied into the val buffer, overwriting memory after its end. The limit check should be BEFORE the copies and it should be checking for current_value already being at MAX_VALUES, not greater, since currentValue is the (effective) array index.

```cpp
void Ubidots::add(char *variable_id, double value, char *ctext, long unsigned timestamp_val) {
  _dirty = true;
  (val + _currentValue)->idName = variable_id;
  (val + _currentValue)->idValue = value;
  (val + _currentValue)->contextOne = ctext;
  (val + _currentValue)->timestamp_val = timestamp_val;
  _currentValue++;
  if (_currentValue > MAX_VALUES) {
    Serial.println(F("You are sending more than the maximum of consecutive variables"));
    _currentValue = MAX_VALUES;
  }
}
```

In addition, is snprintf not available for the environments using this code? Even if it isn't, using the return value of sprintf in sendAll and editing into a local buffer would allow avoiding overflow of the allData buffer. As a side effect, this checking would constitute part of the setup for avoiding recopying allData onto itself and concatenating new strings over and over and OVER. Should this useless copying be part of an application expected to conserve power?
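
The two changes the issue asks for, as an added example that is not the library's own code: the limit check moved ahead of the writes, and a single-pass serializer that appends at a running offset and uses the `snprintf` return value to detect truncation. The class name `BoundedBatch`, the `serialize` function, the `name:value` output format and the value chosen for `MAX_VALUES` are assumptions made for the demonstration.

```cpp
#include <cstdio>
#include <cstddef>

constexpr int MAX_VALUES = 5;  // assumed value; the issue does not state it

struct Value {
    const char *idName;
    double idValue;
    const char *contextOne;
    unsigned long timestamp_val;
};

class BoundedBatch {  // hypothetical stand-in for the class in the issue
public:
    // Check BEFORE writing: _currentValue is the next array index, so
    // _currentValue == MAX_VALUES already means the buffer is full.
    bool add(const char *variable_id, double value, const char *ctext,
             unsigned long timestamp_val) {
        if (_currentValue >= MAX_VALUES) return false;
        Value &v = val[_currentValue++];
        v.idName = variable_id;
        v.idValue = value;
        v.contextOne = ctext;
        v.timestamp_val = timestamp_val;
        return true;
    }

    // Append each entry once at the running offset instead of recopying the
    // buffer onto itself. snprintf returns the length it wanted to write, so
    // n >= remaining space means the entry did not fit.
    // Returns the string length, or -1 if the entries do not all fit.
    int serialize(char *out, size_t cap) const {
        if (cap == 0) return -1;
        size_t used = 0;
        out[0] = '\0';
        for (int i = 0; i < _currentValue; i++) {
            int n = snprintf(out + used, cap - used, "%s%s:%.2f",
                             i ? "," : "", val[i].idName, val[i].idValue);
            if (n < 0 || (size_t)n >= cap - used) {
                out[used] = '\0';  // roll back to the last complete entry
                return -1;
            }
            used += (size_t)n;
        }
        return (int)used;
    }

    int count() const { return _currentValue; }

private:
    Value val[MAX_VALUES] = {};
    int _currentValue = 0;
};
```
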
