zwave_api: Harden zwapi_connection.c by checking snprintf

rzr · github-advanced-security[bot] · rzr · commit 2d9f35145a54 · 2025-06-02T14:01:18.000+02:00
Checking snprintf results, reminder : If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available This was found using CodeQL: Potential fix for code scanning alert no. 19: Potentially overflowing call to snprintf More refactoring can be done in later change Origin: SiliconLabsSoftware#113 Relate-to: SiliconLabsSoftware#100 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
diff --git a/applications/zpc/components/zwave_api/src/zwapi_connection.c b/applications/zpc/components/zwave_api/src/zwapi_connection.c
@@ -11,6 +11,7 @@
  *
  *****************************************************************************/
 
+#include <assert.h>
 #include <string.h>
 #include "zwapi_connection.h"
 #include "zwapi_serial.h"
@@ -45,19 +46,44 @@ static const char *zwapi_frame_to_string(const uint8_t *buffer,
 {
   static char message[1000] = {'\0'};
   uint16_t index            = 0;
+  int written               = 0;
   for (uint16_t i = 0; i < buffer_length; i++) {
     if (i == 0) {
       // Don't log the SOF byte.
       continue;
     } else if (i == 1) {
-      index += snprintf(message + index, sizeof(message) - index, "Length=");
+      written = snprintf(message + index, sizeof(message) - index, "Length=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
     } else if (i == 2) {
-      index += snprintf(message + index, sizeof(message) - index, "Type=");
+      written = snprintf(message + index, sizeof(message) - index, "Type=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
     } else if (i == 3) {
-      index += snprintf(message + index, sizeof(message) - index, "Cmd=");
+      written = snprintf(message + index, sizeof(message) - index, "Cmd=");
+      if (written < 0 || written >= sizeof(message) - index) {
+        sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+        assert(false);
+        return NULL;
+      }
+      index += written;
+    }
+    written
+      = snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+    if (written < 0 || written >= sizeof(message) - index) {
+      sl_log_error(LOG_TAG, "Overflow in zwapi_frame_to_string\n");
+      assert(false);
+      return NULL;
     }
-    index
-      += snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+    index += written;
   }
   return message;
 }
