packdev_t: Increment pointer address, not pointer value

If pDev is not NULL, everything in the buffer from linkInfo.InFrmCntr onwards was also garbage: The *pBuf+=4 is definitely a bug, it increments the value, not the pointer address. So linkInfo.InFrmCntr is written to the buffer, then linkInfo.InFrmCntr in the buffer is incremented by 4, and then the first two bytes (because the pointer was not incremented) are overwritten with linkInfo.TxFailure. I replaced it with the correct pBuf +=4. See Koenkk/zigbee2mqtt#13478 (comment) @slugzero Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
oliv3r · Aug 26, 2024 · 4104d55 · 4104d55
1 parent 0547def
commit 4104d55
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/source/ti/zstack/mt/mt_util.c b/source/ti/zstack/mt/mt_util.c
@@ -1546,7 +1546,7 @@ static void packDev_t(uint8_t *pBuf, associated_devices_t *pDev)
     *pBuf++ = pDev->linkInfo.rxLqi;
     *pBuf++ = pDev->linkInfo.inKeySeqNum;
     OsalPort_bufferUint32( pBuf, pDev->linkInfo.inFrmCntr );
-    *pBuf += 4;
+    pBuf += 4;
     *pBuf++ = LO_UINT16(pDev->linkInfo.txFailure);
     *pBuf++ = HI_UINT16(pDev->linkInfo.txFailure);
   }