nrf_ringbuf has many logic bugs that cause it to both corrupt internal structures and return invalid data. For example one of these calls to nrf_ringbuf_alloc tells me that I can write 100 bytes to a 4-byte buffer:
int i;
uint8_t *data;
size_t len;
NRF_RINGBUF_DEF(ring, 4);
nrf_ringbuf_init(&ring);
for (i = 0; i < 10; i++)
{
// allocate and put one byte
len = 100;
ASSERT(nrf_ringbuf_alloc(&ring, &data, &len, true) == NRF_SUCCESS);
ASSERT(len <= 4);
ASSERT(nrf_ringbuf_put(&ring, 1) == NRF_SUCCESS);
// allocate and put zero bytes
len = 100;
ASSERT(nrf_ringbuf_alloc(&ring, &data, &len, true) == NRF_SUCCESS);
ASSERT(len <= 4); // <------- assert fails, len == 100
ASSERT(nrf_ringbuf_put(&ring, 0) == NRF_SUCCESS);
// get all available data
len = 100;
ASSERT(nrf_ringbuf_get(&ring, &data, &len, false) == NRF_SUCCESS);
ASSERT(nrf_ringbuf_free(&ring, len) == NRF_SUCCESS);
}
This particular usage pattern is triggered all the time by nrf_cli_uart.