NULL check for src and nb < 1 validation

stephane · stephane · commit 734a37cb66ca · 2025-12-16T17:34:57.000+01:00
The API trusts callers to provide correctly-sized buffers but
added NULL check for src and nb &lt; 1 validation in
modbus_write_bits() and modbus_write_registers().
Improve documenation about buffer size requirement.
diff --git a/docs/modbus_write_bits.md b/docs/modbus_write_bits.md
@@ -14,7 +14,11 @@ int modbus_write_bits(modbus_t *ctx, int addr, int nb, const uint8_t *src);
 
 The *modbus_write_bits()* function shall write the status of the `nb` bits
 (coils) from `src` at the address `addr` of the remote device. The
-`src` array must contains bytes set to `TRUE` or `FALSE`.
+`src` array must contain bytes set to `TRUE` or `FALSE`.
+
+The `src` array must be allocated with at least `nb` elements. It is the
+caller's responsibility to ensure the buffer is large enough to hold all the
+bits to be written.
 
 The function uses the Modbus function code 0x0F (force multiple coils).
 
@@ -25,7 +29,8 @@ shall return -1 and set errno.
 
 ## Errors
 
-- *EMBMDATA*, writing too many bits.
+- *EINVAL*, the `ctx` or `src` argument is NULL, or `nb` is less than 1.
+- *EMBMDATA*, writing too many bits (nb > MODBUS_MAX_WRITE_BITS).
 
 ## See also
 
diff --git a/docs/modbus_write_registers.md b/docs/modbus_write_registers.md
@@ -15,13 +15,22 @@ int modbus_write_registers(modbus_t *ctx, int addr, int nb, const uint16_t *src)
 The *modbus_write_registers()* function shall write the content of the `nb`
 holding registers from the array `src` at address `addr` of the remote device.
 
+The `src` array must be allocated with at least `nb` elements. It is the
+caller's responsibility to ensure the buffer is large enough to hold all the
+registers to be written.
+
 The function uses the Modbus function code 0x10 (preset multiple registers).
 
 ## Return value
 
 The function shall return the number of written registers if
 successful. Otherwise it shall return -1 and set errno.
 
+## Errors
+
+- *EINVAL*, the `ctx` or `src` argument is NULL, or `nb` is less than 1.
+- *EMBMDATA*, writing too many registers (nb > MODBUS_MAX_WRITE_REGISTERS).
+
 ## See also
 
 - [modbus_write_register](modbus_write_register.md)
diff --git a/src/modbus.c b/src/modbus.c
@@ -1487,12 +1487,12 @@ int modbus_write_bits(modbus_t *ctx, int addr, int nb, const uint8_t *src)
     int pos = 0;
     uint8_t req[MAX_MESSAGE_LENGTH];
 
-    if (ctx == NULL) {
+    if (ctx == NULL || src == NULL) {
         errno = EINVAL;
         return -1;
     }
 
-    if (nb > MODBUS_MAX_WRITE_BITS) {
+    if (nb < 1 || nb > MODBUS_MAX_WRITE_BITS) {
         if (ctx->debug) {
             fprintf(stderr,
                     "ERROR Writing too many bits (%d > %d)\n",
@@ -1548,12 +1548,12 @@ int modbus_write_registers(modbus_t *ctx, int addr, int nb, const uint16_t *src)
     int byte_count;
     uint8_t req[MAX_MESSAGE_LENGTH];
 
-    if (ctx == NULL) {
+    if (ctx == NULL || src == NULL) {
         errno = EINVAL;
         return -1;
     }
 
-    if (nb > MODBUS_MAX_WRITE_REGISTERS) {
+    if (nb < 1 || nb > MODBUS_MAX_WRITE_REGISTERS) {
         if (ctx->debug) {
             fprintf(stderr,
                     "ERROR Trying to write to too many registers (%d > %d)\n",
