modem_info_get_current_band in modem_info.c is using wrong value type

modem_info_get_current_band expects a uint8 pointer to store the band into, but scans for an unsigned int (probably more than 8 bits) in nrf_modem_at_scanf. This leads to memory corruption when used with, as the function definition may suggest, a uint8. The workaround is to use it with an unsigned integer. The bug is present in SDK 2.6.1. I did not check the other SDK versions.

int modem_info_get_current_band(uint8_t *val)
{
	if (val == NULL) {
		return -EINVAL;
	}

	int ret = nrf_modem_at_scanf("AT%XCBAND", "%%XCBAND: %u", val);

	if (ret != 1) {
		LOG_ERR("Could not get band, error: %d", ret);
		return map_nrf_modem_at_scanf_error(ret);
	}

	if (*val == BAND_UNAVAILABLE) {
		LOG_WRN("No valid band");
		return -ENOENT;
	}

	return 0;
}

  • Thank you. I don't know how the nrf_modem_at_scanf is implemented in the background. If it works just like a regular scanf, the %u format specifier would write an unsigned int, which, although I have not seen this yet, could potentially also be a 64-bit number in a future system. I suggest using the unsigned int format for the band value, not a uint32. Or, if the unsigned char can be trusted to be 8 bits, use the %hhu specifier with scanf, if supported.
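The width mismatch reported above and the unsigned int approach suggested in the reply, as an added example that is not part of the thread or of the SDK. It assumes nrf_modem_at_scanf stores a full unsigned int for %u and uses standard sscanf on a constructed response string in its place; cell_state, bytes_clobbered_by_u_store and parse_band are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a caller that keeps the band next to other state. */
struct cell_state {
	uint8_t band;
	uint8_t neighbours[7];
};

/* Models the store a "%u" conversion makes through the pointer it is given:
 * sizeof(unsigned int) bytes. Returns how many bytes after `band` changed. */
int bytes_clobbered_by_u_store(unsigned int parsed)
{
	struct cell_state s;
	int changed = 0;

	memset(&s, 0xAA, sizeof(s));
	memcpy(&s, &parsed, sizeof(parsed)); /* band sits at offset 0 */
	for (size_t i = 0; i < sizeof(s.neighbours); i++) {
		changed += (s.neighbours[i] != 0xAA);
	}
	return changed;
}

/* Hardened pattern: scan into an object whose type matches "%u",
 * range-check, then narrow. `resp` stands in for the modem response. */
int parse_band(const char *resp, uint8_t *val)
{
	unsigned int tmp;

	if (resp == NULL || val == NULL) {
		return -EINVAL;
	}
	if (sscanf(resp, "%%XCBAND: %u", &tmp) != 1) {
		return -EBADMSG;
	}
	if (tmp > UINT8_MAX) {
		return -ERANGE; /* value would not fit the uint8_t out-parameter */
	}
	*val = (uint8_t)tmp;
	return 0;
}

int main(void)
{
	uint8_t band = 0;
	int rc = parse_band("%XCBAND: 20\r\n", &band); /* constructed response */

	printf("rc=%d band=%u clobbered=%d\n", rc, band, bytes_clobbered_by_u_store(20));
	return 0;
}
```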
