pubsubclient icon indicating copy to clipboard operation
pubsubclient copied to clipboard

Published 20 hours ago verified publisher icon knolleary

Resolve issue #832 (Potential memory corruption)

Open arjenhiemstra opened this issue 3 years ago • 1 comments

The memmove command is executed without any sanity checking on used values causing random reboots when an MQTT package gets processed with an impossible topic length. With a high rate test flow of MQTT messages this would sometimes corrupt memory after a few seconds.

Extra sanity checks and calculation for payload_offset and message length have been implemented to better handle messages and prevent this memory corruption.

Tested with a flow of about 50.000 messages per hour for multiple days. Went from hundreds of errors per hour to a few per day, the last errors mainly because the MQTT server couldn't keep up with the message flow. Never crashed again. A big thanks to @TD-er for help with further refactoring the code.

arjenhiemstra avatar Feb 27 '21 12:02 arjenhiemstra

Any update on this PR? It it going to get merged?

technyon avatar Jan 15 '23 13:01 technyon