Fix #1189, always set outputs from CFE_SB_TransmitMsgValidate

In the event that CFE_SB_TransmitMsgValidate fails, make sure all outputs are also written as safe/known (but invalid) values. This is just in case the calling function does not check the status response and uses the output value anyway (which would be wrong, but this is just another layer of protection if it does happen).
nasa · Mar 1, 2021 · bf8f481 · bf8f481
1 parent 54adb9f
commit bf8f481
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/fsw/cfe-core/src/sb/cfe_sb_api.c b/fsw/cfe-core/src/sb/cfe_sb_api.c
@@ -1627,6 +1627,19 @@ int32 CFE_SB_TransmitMsgValidate(CFE_MSG_Message_t *MsgPtr,
 
     }/* end if */
 
+    if (Status != CFE_SUCCESS)
+    {
+        /*
+         * ensure that all the output buffers are always set to something.
+         *
+         * these outputs should not be used when returning non-success,
+         * this just protects against undefined behavior if they are.
+         */
+        *MsgIdPtr   = CFE_SB_INVALID_MSG_ID;
+        *SizePtr    = 0;
+        *RouteIdPtr = CFE_SBR_INVALID_ROUTE_ID;
+    }
+
     return Status;
 }
 

diff --git a/fsw/cfe-core/unit-test/sb_UT.c b/fsw/cfe-core/unit-test/sb_UT.c
@@ -3343,8 +3343,8 @@ void Test_TransmitMsgValidate_MaxMsgSizePlusOne(void)
     UT_SetDataBuffer(UT_KEY(CFE_MSG_GetSize), &Size, sizeof(Size), false);
 
     ASSERT_EQ(CFE_SB_TransmitMsgValidate(&TlmPkt.Hdr.Msg, &MsgIdRtn, &SizeRtn, &RouteIdRtn), CFE_SB_MSG_TOO_BIG);
-    ASSERT_EQ(CFE_SB_MsgIdToValue(MsgIdRtn), CFE_SB_MsgIdToValue(MsgId));
-    ASSERT_EQ(SizeRtn, Size);
+    ASSERT_TRUE(!CFE_SB_IsValidMsgId(MsgIdRtn));
+    ASSERT_EQ(SizeRtn, 0);
 
     EVTCNT(1);