SmittyHalibut/EleksTubeHAX

CWE-628: Function Call with Incorrectly Specified Arguments


While running the code through PIO Inspector, this incompliance was found.
File: Mqtt_client_ips.cpp : 146 : 34
Function: void callback(char* topic, byte* payload, unsigned int length) { //A new message has been received

Code:

    sprintf(message, "%c", (char)payload[0]);
    for (int i = 1; i < length; i++) {
        sprintf(message, "%s%c", message, (char)payload[i]);
    }

cppcheck HIGH ERROR CWE-628: Undefined behavior: Variable 'message' is used as parameter and destination in sprintf().

The same array "message" is used as input and output of the function. As far as I understand, this loop just copies the array "payload" into "message", one by one, byte into char. It surely can be optimized to avoid using sprintf, right?
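A bounded copy that avoids passing `message` to `sprintf()` as both source and destination, as an added example that is not part of the original issue or the project's code. The helper name `copy_payload` and the buffer size `MSG_BUF_SIZE` are assumptions; the real size of `message` is not shown in the excerpt.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size; the real size of 'message' is not shown in the issue. */
#define MSG_BUF_SIZE 16

/*
 * Copy an MQTT payload (raw bytes, not NUL-terminated) into dst as a C string.
 * Never writes more than dst_size bytes, always NUL-terminates, and returns the
 * number of payload bytes actually copied so the caller can detect truncation.
 */
size_t copy_payload(char *dst, size_t dst_size,
                    const uint8_t *payload, unsigned int length)
{
    if (dst == NULL || dst_size == 0)
        return 0;
    size_t n = 0;
    if (payload != NULL) {
        n = length;
        if (n > dst_size - 1)
            n = dst_size - 1;      /* leave room for the terminator */
        memcpy(dst, payload, n);   /* distinct source and destination buffers */
    }
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char message[MSG_BUF_SIZE];
    /* Constructed sample payloads */
    const uint8_t short_msg[] = { 'O', 'N' };
    const uint8_t long_msg[] = "this payload is longer than the buffer";

    size_t n = copy_payload(message, sizeof message, short_msg, sizeof short_msg);
    printf("%zu bytes: \"%s\"\n", n, message);

    n = copy_payload(message, sizeof message, long_msg, sizeof long_msg - 1);
    printf("%zu bytes (truncated): \"%s\"\n", n, message);
    return 0;
}
```

A return value smaller than `length` means the payload did not fit and was truncated.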