Commit 734a37c

NULL check for src and nb < 1 validation
The API trusts callers to provide correctly-sized buffers but added NULL check for src and nb < 1 validation in modbus_write_bits() and modbus_write_registers(). Improve documentation about buffer size requirement.
1 parent 644667d commit 734a37c

3 files changed

Lines changed: 20 additions & 6 deletions

docs/modbus_write_bits.md

Lines changed: 7 additions & 2 deletions
@@ -14,7 +14,11 @@ int modbus_write_bits(modbus_t *ctx, int addr, int nb, const uint8_t *src);
1414
1515
The *modbus_write_bits()* function shall write the status of the `nb` bits
1616
(coils) from `src` at the address `addr` of the remote device. The
17-
`src` array must contains bytes set to `TRUE` or `FALSE`.
17+
`src` array must contain bytes set to `TRUE` or `FALSE`.
18+
19+
The `src` array must be allocated with at least `nb` elements. It is the
20+
caller's responsibility to ensure the buffer is large enough to hold all the
21+
bits to be written.
1822
1923
The function uses the Modbus function code 0x0F (force multiple coils).
2024
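Review bot: The added paragraph ends with "hold all the bits to be written", which can be read as packed bits, while the sentence before it says `src` holds bytes set to `TRUE` or `FALSE`, one per coil. Suggest wording the requirement as "at least `nb` bytes, one per coil" so the size is unambiguous; a caller that sizes the buffer as nb/8 bytes would have the library read past the end of `src`.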
@@ -25,7 +29,8 @@ shall return -1 and set errno.
2529
2630
## Errors
2731
28-
- *EMBMDATA*, writing too many bits.
32+
- *EINVAL*, the `ctx` or `src` argument is NULL, or `nb` is less than 1.
33+
- *EMBMDATA*, writing too many bits (nb > MODBUS_MAX_WRITE_BITS).
2934
3035
## See also
3136
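Review bot: The new *EINVAL* entry says `nb` less than 1 yields EINVAL, but in the src/modbus.c hunk of this commit `nb < 1` is added to the `nb > MODBUS_MAX_WRITE_BITS` condition, not to the `ctx == NULL || src == NULL` check that sets `errno = EINVAL`. The errno assignment for that branch is outside the visible context; if it is still EMBMDATA, either move `nb < 1` into the first check or list it under *EMBMDATA* here.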

docs/modbus_write_registers.md

Lines changed: 9 additions & 0 deletions
@@ -15,13 +15,22 @@ int modbus_write_registers(modbus_t *ctx, int addr, int nb, const uint16_t *src)
1515
The *modbus_write_registers()* function shall write the content of the `nb`
1616
holding registers from the array `src` at address `addr` of the remote device.
1717
18+
The `src` array must be allocated with at least `nb` elements. It is the
19+
caller's responsibility to ensure the buffer is large enough to hold all the
20+
registers to be written.
21+
1822
The function uses the Modbus function code 0x10 (preset multiple registers).
1923
2024
## Return value
2125
2226
The function shall return the number of written registers if
2327
successful. Otherwise it shall return -1 and set errno.
2428
29+
## Errors
30+
31+
- *EINVAL*, the `ctx` or `src` argument is NULL, or `nb` is less than 1.
32+
- *EMBMDATA*, writing too many registers (nb > MODBUS_MAX_WRITE_REGISTERS).
33+
2534
## See also
2635
2736
- [modbus_write_register](modbus_write_register.md)
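Review bot: In the new Errors list, `nb > MODBUS_MAX_WRITE_REGISTERS` is plain text while `ctx`, `src` and `nb` in the entry above it are in backticks; put the expression in backticks as well so the macro name renders as code. The *EINVAL* entry for `nb` less than 1 also has to match the errno that modbus_write_registers() sets for that case, since `nb < 1` shares a branch with the upper-bound test in src/modbus.c.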

src/modbus.c

Lines changed: 4 additions & 4 deletions
@@ -1487,12 +1487,12 @@ int modbus_write_bits(modbus_t *ctx, int addr, int nb, const uint8_t *src)
14871487
int pos = 0;
14881488
uint8_t req[MAX_MESSAGE_LENGTH];
14891489

1490-
if (ctx == NULL) {
1490+
if (ctx == NULL || src == NULL) {
14911491
errno = EINVAL;
14921492
return -1;
14931493
}
14941494

1495-
if (nb > MODBUS_MAX_WRITE_BITS) {
1495+
if (nb < 1 || nb > MODBUS_MAX_WRITE_BITS) {
14961496
if (ctx->debug) {
14971497
fprintf(stderr,
14981498
"ERROR Writing too many bits (%d > %d)\n",
@@ -1548,12 +1548,12 @@ int modbus_write_registers(modbus_t *ctx, int addr, int nb, const uint16_t *src)
15481548
int byte_count;
15491549
uint8_t req[MAX_MESSAGE_LENGTH];
15501550

1551-
if (ctx == NULL) {
1551+
if (ctx == NULL || src == NULL) {
15521552
errno = EINVAL;
15531553
return -1;
15541554
}
15551555

1556-
if (nb > MODBUS_MAX_WRITE_REGISTERS) {
1556+
if (nb < 1 || nb > MODBUS_MAX_WRITE_REGISTERS) {
15571557
if (ctx->debug) {
15581558
fprintf(stderr,
15591559
"ERROR Trying to write to too many registers (%d > %d)\n",
