CC2530: ZSTACK3.0.2: Reference to out of scope local variable in zdpProcessAddrReq

Part Number: CC2530
Other Parts Discussed in Thread: SIMPLELINK-CC13XX-CC26XX-SDK

As I am facing issues with devices in the field, I am performing a renewed static analysis on the project and ZSTACK code.

In Components/stack/zdo/ZDProfile.c, the variable ieee, which is a pointer, gets assigned the address of a local variable that is an array.

Once that local array is out of scope (and thus potentially discarded), it is copied to a buffer.

This one is relatively easy to fix.

        //CCB 2113 Zigbee Core spec
        uint8 invalidIEEEAddr[Z_EXTADDR_LEN];
        osal_memset(invalidIEEEAddr,0xFF,Z_EXTADDR_LEN);
        ieee = invalidIEEEAddr;
      }
    }

    *pBuf++ = stat;

    pBuf = osal_cpyExtAddr( pBuf, ieee );

  • Hi Mario,

    Here is how it is handled in the SIMPLELINK-CC13XX-CC26XX-SDK:

    void zdpProcessAddrReq( zdoIncomingMsg_t *inMsg )
    {
      AddrMgrEntry_t addrEntry;
      associated_devices_t *pAssoc;
      uint8_t reqType;
      uint16_t aoi = INVALID_NODE_ADDR;
      uint8_t invalidIEEEAddr[Z_EXTADDR_LEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
      uint8_t *ieee = NULL;
      
    //...  
      
          else
          {
            //CCB 2113 Zigbee Core spec
            ieee = invalidIEEEAddr;
          }
        }
    
        *pBuf++ = stat;
    
        if(ieee != NULL)
        {
          pBuf = osal_cpyExtAddr( pBuf, ieee );
        }
        else
        {
          pBuf = osal_cpyExtAddr( pBuf, invalidIEEEAddr );
        }

    Regards,
    Ryan

  • More or less what I did; I made it a static const ...
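
The lifetime problem from the question and the static const variant mentioned in the last reply, as an added host-side example that is not code from the thread or from Z-Stack. `EXT_ADDR_LEN`, `cpy_ext_addr`, `build_rsp_buggy` and `build_rsp_fixed` are hypothetical stand-ins for `Z_EXTADDR_LEN`, `osal_cpyExtAddr` and the response-building part of `zdpProcessAddrReq`; the status byte is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_ADDR_LEN 8 /* stand-in for Z_EXTADDR_LEN */

/* Stand-in for osal_cpyExtAddr(): copy 8 bytes, return the next write position. */
static uint8_t *cpy_ext_addr(uint8_t *dst, const uint8_t *src)
{
    memcpy(dst, src, EXT_ADDR_LEN);
    return dst + EXT_ADDR_LEN;
}

#ifdef SHOW_BUG
/* Pattern from the question: ieee outlives the block-scoped array it points to. */
size_t build_rsp_buggy(uint8_t *buf, uint8_t stat, const uint8_t *known)
{
    uint8_t *p = buf;
    const uint8_t *ieee = known;
    if (ieee == NULL) {
        uint8_t invalid[EXT_ADDR_LEN];
        memset(invalid, 0xFF, EXT_ADDR_LEN);
        ieee = invalid;
    } /* lifetime of invalid ends here; its stack slot may be reused */
    *p++ = stat;
    p = cpy_ext_addr(p, ieee); /* reads through a dangling pointer: undefined */
    return (size_t)(p - buf);
}
#endif

/* Fixed: static storage duration, so the address stays valid for every caller. */
static const uint8_t invalid_ieee[EXT_ADDR_LEN] =
    { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

size_t build_rsp_fixed(uint8_t *buf, uint8_t stat, const uint8_t *known)
{
    uint8_t *p = buf;
    const uint8_t *ieee = (known != NULL) ? known : invalid_ieee;
    *p++ = stat;
    p = cpy_ext_addr(p, ieee);
    return (size_t)(p - buf);
}

int main(void)
{
    uint8_t buf[1 + EXT_ADDR_LEN];
    size_t n = build_rsp_fixed(buf, 0x81, NULL); /* 0x81: constructed status byte */
    printf("%zu bytes, last = 0x%02X\n", n, buf[n - 1]);
    return 0;
}
```

The flawed variant is compiled only with `-DSHOW_BUG`; on a host build with `-fsanitize=address`, AddressSanitizer classifies this kind of read as stack-use-after-scope.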