-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CWE-628: Function Call with Incorrectly Specified Arguments #71
Comments
Yes, it just copies the payload content into the message buffer and converts it from byte to char. Maybe there is a speed or memory usage improvment on ESPs over using a std lib function... The beginning of a refactored function of the actual main with some comments would look like this:
Tested and working for MQTT_ENABLED and MQTT_HOME_ASSISTANT |
Cool, thanks for the heads-up. Can you please run this new code through the PIO inspector and if everything is fine, commit it? Thanks. |
Sure, It was already included in the last PR (#95) I ran the PlatformIO Inspector again then and there was some more stuff... It actually just runs the command "platformio.exe check --environment esp32dev" in the background, so I prefer the command-line output myself. I fixed, the rest of the "fixable" findings in our code. I created a brach for it, in the moment just in my fork: https://github.com/Martinius79/EleksTubeHAX/tree/FixCPPCheckFindings The result is:
This looks, like it there are still some findings in our code (src = 20 low), but if you take a closer look and understand the limits of the cppcheck mechanisms, you'll see that these are all "false positives" and warnings about "unusedFunction," which isn't true.. cppcheck ist just limited how it checks the calls from other classes. So it's unable to detect that the methods are actually used (most of them). All other findings are not fixable for us because they are in the external libraries we use. Some of them are also false positives, like the high ones (macro preprocessor of cppcheck is limited). A complete list, is attached: So I guess, that is all we can "fix" for now... Two Questions now:
Let me know your thoughts. |
Hi, thanks.
|
I created a PR for the cpp check finding fixes #101 The format stuff is not that important, I guess...I prepeared a branch already, but need to integrate the latest changes to it. |
Thanks! |
While running the code through PIO Inspector, this incompliance was found.
File: Mqtt_client_ips.cpp : 146 : 34
Function: void callback(char* topic, byte* payload, unsigned int length) { //A new message has been received
Code:
Same array "message" is used as input and output of the function. As far as I understand, this loop just copies arrays "payload" into "message". One by one, byte into char. It surely can be optimized to avoid using
sprintf
, right?The text was updated successfully, but these errors were encountered: