RDKEMW-12350: Fix uninitialized missing error checks in timeZoneDST fallback path#324
Open
Copilot wants to merge 20 commits into
Open
RDKEMW-12350: Fix uninitialized missing error checks in timeZoneDST fallback path#324Copilot wants to merge 20 commits into
Copilot wants to merge 20 commits into
Conversation
- Validate ftell return: reject -1 (error) and 0 (empty file) - Add malloc NULL check to prevent NULL pointer dereference - Initialize zone buffer to empty string before fscanf - Reset zone after each iteration to catch stale data - Check fscanf return == 1 instead of != EOF to catch format errors and whitespace-only files - Remove impossible 'zone != NULL' check (zone is stack-local pointer to heap memory, never NULL inside the loop) - Don't reset zoneValue to NULL on empty reads (preserve any previously read valid value) Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/45c3e1dc-dc54-4005-8756-3a32aa7fdeef Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
…d, remove redundant reset Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/45c3e1dc-dc54-4005-8756-3a32aa7fdeef Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
yogeswaransky
changed the title
Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/0e080027-1be4-41cd-afbc-25283b55d93f Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
yogeswaransky
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the timeZoneDST fallback path in getTimezone() so it safely handles unreadable/empty files and allocation failures, aligning with the goal of fixing uninitialized use and missing error checks in that reader.
Changes:
- Add handling for
ftell()failure (numbytes < 0) and for empty files (numbytes == 0) in the/opt/persistent/timeZoneDSTfallback. - Add
mallocfailure handling and initialize thezonebuffer before reading. - Tighten the read loop condition to only process successful
fscanfreads (== 1) and ensure resources are freed/closed on all paths.
yogeswaransky
approved these changes
Apr 13, 2026
Contributor
|
@copilot can you address this comment in a separate PR |
Contributor
Author
|
@yogeswaransky I've opened a new pull request, #329, to work on those changes. Once the pull request is ready, I'll request review from you. |
1 task
Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/2b39401a-79a0-4d6a-a81f-523a6997a872 Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/7f6ea2d9-36fa-4120-a7dc-e7bfe71e9f8a Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/03d1c8d7-2587-443b-bbe5-50a78ff7f073 Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
…o break in getBuildType Agent-Logs-Url: https://github.com/rdkcentral/telemetry/sessions/d94df585-444b-4056-a136-bc1f7415c614 Co-authored-by: yogeswaransky <166126056+yogeswaransky@users.noreply.github.com>
RDKEMW-12350: Add unit tests for timeZoneDST fallback path in getTimezone()
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (4)
source/test/xconf-client/xconfclientTest.cpp:864
curl_url()returns aCURLU*that must be released withcurl_url_cleanup(). This test currently usescurl_free()on the handle; please switch tocurl_url_cleanup(requestURL).
CURLU* requestURL = curl_url();
curl_url_set(requestURL, CURLUPART_URL,
"https://mockxconf:50050/loguploader/getT2DCMSettings", 0);
EXPECT_EQ(T2ERROR_FAILURE, appendRequestParams(requestURL));
curl_free(requestURL);
requestURL = NULL;
source/test/xconf-client/xconfclientTest.cpp:890
curl_url()returns aCURLU*that must be released withcurl_url_cleanup(). This test currently usescurl_free()on the handle; please switch tocurl_url_cleanup(requestURL).
CURLU* requestURL = curl_url();
curl_url_set(requestURL, CURLUPART_URL,
"https://mockxconf:50050/loguploader/getT2DCMSettings", 0);
EXPECT_EQ(T2ERROR_FAILURE, appendRequestParams(requestURL));
curl_free(requestURL);
requestURL = NULL;
source/test/xconf-client/xconfclientTest.cpp:916
curl_url()returns aCURLU*that must be released withcurl_url_cleanup(). This test currently usescurl_free()on the handle; please switch tocurl_url_cleanup(requestURL).
CURLU* requestURL = curl_url();
curl_url_set(requestURL, CURLUPART_URL,
"https://mockxconf:50050/loguploader/getT2DCMSettings", 0);
EXPECT_EQ(T2ERROR_FAILURE, appendRequestParams(requestURL));
curl_free(requestURL);
requestURL = NULL;
source/test/xconf-client/xconfclientTest.cpp:953
curl_url()returns aCURLU*that must be released withcurl_url_cleanup(). This test currently usescurl_free()on the handle; please switch tocurl_url_cleanup(requestURL).
CURLU* requestURL = curl_url();
curl_url_set(requestURL, CURLUPART_URL,
"https://mockxconf:50050/loguploader/getT2DCMSettings", 0);
EXPECT_EQ(T2ERROR_SUCCESS, appendRequestParams(requestURL));
curl_free(requestURL);
requestURL = NULL;
Comment on lines
+315
to
+318
| else if (numbytes == 0 || numbytes > 256) | ||
| { | ||
| T2Warning("Warning: timeZoneDST file has unexpected size %ld, skipping\n", numbytes); | ||
| fclose(file); |
Comment on lines
+833
to
+838
| CURLU* requestURL = curl_url(); | ||
| curl_url_set(requestURL, CURLUPART_URL, | ||
| "https://mockxconf:50050/loguploader/getT2DCMSettings", 0); | ||
| EXPECT_EQ(T2ERROR_FAILURE, appendRequestParams(requestURL)); | ||
| curl_free(requestURL); | ||
| requestURL = NULL; |
Comment on lines
+773
to
+780
| * Preconditions for each test: | ||
| * - All getParameterValue calls succeed (6 calls with dummy values). | ||
| * - getBuildType succeeds: fopen(DEVICE_PROPERTIES) returns a fake handle, fscanf | ||
| * fills "BUILD_TYPE=PROD" and then returns EOF. | ||
| * - getTimezone CPU_ARCH read: fopen(DEVICE_PROPERTIES) returns NULL (no CPU_ARCH). | ||
| * - getTimezone JSON loop: fopen("/opt/output.json") returns NULL (10 retries fail). | ||
| * After these preconditions the timeZoneDST fallback is exercised. | ||
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.