fix: memory leaks and input validation in i2c, spi, xxtea, and base modules #126
Open
Copilot wants to merge 2 commits into fix/malloc-null-check from
Co-authored-by: wendal <589819+wendal@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix null pointer checks for malloc/calloc in LuatOS" to "fix: memory leaks and input validation in i2c, spi, xxtea, and base modules" on Feb 27, 2026
Pull request overview
Fixes memory leaks and hardens input validation across multiple low-level modules, addressing regressions/secondary issues introduced by earlier malloc/calloc NULL checks.
Changes:
- Free heap allocations on early-return/error paths in SPI transfer, base callback dispatch, and XXTEA decrypt.
- Fix I2C transfer variable shadowing that previously caused 0-length transmissions.
- Add input validation to prevent size_t underflow and NULL dereferences in I2C receive and i2c-tools.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| luat/modules/luat_lib_spi.c | Frees heap-allocated send buffer on additional early-return/error paths in SPI transfer. |
| luat/modules/luat_lib_i2c.c | Guards against non-positive recv lengths and fixes tx_len shadowing in I2C transfer. |
| luat/modules/luat_base.c | Frees queued callback allocation when sys_pub is not callable. |
| components/xxtea/src/xxtea2.c | Frees out_data and returns NULL on decrypt size mismatch. |
| components/i2c-tools/i2c_tools.c | Adds minimum length guard and checks strtok result before memcmp. |
Comment on lines 381 to 387
| int addr = luaL_checkinteger(L, 2); | ||
| int len = luaL_checkinteger(L, 3); | ||
| if (len <= 0) { | ||
| lua_pushlstring(L, NULL, 0); | ||
| return 1; | ||
| } | ||
| char *buff = (char *)luat_heap_malloc(len); |
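Review bot: The len <= 0 guard just before luat_heap_malloc(len) has no matching upper bound, and len is an int filled from luaL_checkinteger, which returns a lua_Integer, so where lua_Integer is wider than int an out-of-range value is narrowed before the guard ever sees it. Suggest reading the argument into a lua_Integer, rejecting anything outside 1 up to a documented maximum receive size, and only then converting it to the allocation size. Also consider lua_pushliteral(L, "") in place of lua_pushlstring(L, NULL, 0), so the empty-string return does not depend on how a NULL pointer with length 0 is handled.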
Comment on lines 20 to 27
| char *command = strtok(i2c_tools_data, " "); | ||
| if (command == NULL) { | ||
| luat_heap_free(i2c_tools_data); | ||
| return; | ||
| } | ||
| if (memcmp("send", command, 4) == 0){ | ||
| int i2c_id = atoi(strtok(NULL, " ")); | ||
| i2c_init(i2c_id,0); |
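Review bot: The new NULL check covers only the first strtok call; two lines later atoi(strtok(NULL, " ")) still hands an unchecked result to atoi, so a buffer holding "send" with no argument reaches the same NULL dereference. Suggest storing each token in a local, checking it, and freeing i2c_tools_data on the failure path the way the command check does. memcmp("send", command, 4) also compares four bytes regardless of the token's length and accepts any token that merely begins with "send"; strcmp(command, "send") == 0 states the intent exactly.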
Comment on lines 650 to +660
| if(recv_length == 0){ | ||
| if (send_mode == LUA_TTABLE) luat_heap_free(send_buff); | ||
| lua_pushlstring(L,NULL,0); | ||
| return 1; | ||
| } | ||
| if (recv_length > 0) { | ||
| recv_buff = luat_heap_malloc(recv_length); | ||
| if(recv_buff == NULL) | ||
| if(recv_buff == NULL) { | ||
| if (send_mode == LUA_TTABLE) luat_heap_free(send_buff); | ||
| return 0; | ||
| } |
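Review bot: The conditional free of send_buff is now written out twice, once in the recv_length == 0 branch and once in the recv_buff == NULL branch, and every early return added later will have to repeat it. Suggest a single cleanup label (or a small helper) that frees send_buff when send_mode == LUA_TTABLE, with every exit after the allocation routed through it. The two exits also report differently, an empty string for a zero length and no return values (return 0) on allocation failure, so either document that or push nil plus an error message on failure. The path for recv_length < 0 is not visible in these lines; confirm send_buff is released there as well.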

Several malloc/calloc null-check additions in PR #123 introduced or exposed secondary issues: missing free on alternate return paths, a variable shadowing bug that silently zeroed the tx length, missing input validation allowing size_t underflow, and a NULL dereference via strtok.

Memory leaks on early-return paths
- luat_base.c / luat_cbcwait_cb: msg->ptr was not freed when sys_pub was not a function, leaking every queued callback allocation on that path.
- xxtea2.c / PUB_XxTEADecrypt: out_data was not freed and returned 0 (not NULL) when real_data_size > data_size.
- luat_lib_spi.c / l_spi_device_transfer: send_buff (heap-allocated when arg is a table) was not freed on the recv_length == 0 early return or on recv_buff allocation failure.

Variable shadowing causing silent data corruption
- luat_lib_i2c.c / l_i2c_transfer: A const int tx_len was re-declared inside the table branch, shadowing the outer size_t tx_len. The outer variable remained 0, causing subsequent luat_i2c_transfer / i2c_soft_send calls to transmit 0 bytes.

Missing input validation
- luat_lib_i2c.c / l_i2c_recv: A negative Lua integer passed as len would silently wrap to a huge size_t for malloc. Added len <= 0 guard with empty-string return.
- i2c_tools.c / i2c_tools: No minimum length check meant len - 8 / len - 9 could underflow as size_t. Added len < 9 early return. Also added a NULL check on the strtok result before passing it to memcmp.
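
The three bug classes named in the description (the shadowed tx_len, the size_t underflow on len - 9, and a negative length reaching an allocator), each beside its guarded form. This is an added example, not code from the pull request or from LuatOS; the function names and the byte array standing in for the Lua table are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Shadowing (constructed stand-in): the inner tx_len hides the outer one. */
size_t tx_len_shadowed(const unsigned char *tbl, int count, unsigned char *out) {
    size_t tx_len = 0;
    if (tbl != NULL) {
        const int tx_len = count;          /* BUG: a second, inner tx_len */
        for (int i = 0; i < tx_len; i++) out[i] = tbl[i];
    }
    return tx_len;                         /* outer value: 0 bytes would be sent */
}

/* Fixed: assign to the outer variable instead of re-declaring it. */
size_t tx_len_fixed(const unsigned char *tbl, int count, unsigned char *out) {
    size_t tx_len = 0;
    if (tbl != NULL && count > 0) {
        tx_len = (size_t)count;
        for (size_t i = 0; i < tx_len; i++) out[i] = tbl[i];
    }
    return tx_len;
}

/* Underflow: len - 9 on a size_t wraps around when len < 9. */
size_t tail_len_unchecked(size_t len) { return len - 9; }

/* Guarded: reject short input before subtracting (the len < 9 early return). */
int tail_len_checked(size_t len, size_t *tail) {
    if (len < 9) return -1;
    *tail = len - 9;
    return 0;
}

/* Negative length: conversion to size_t for an allocator yields a huge size. */
size_t alloc_size_unchecked(int len) { return (size_t)len; }

/* Guarded: the len <= 0 check; on -1 the caller returns an empty string. */
int alloc_size_checked(int len, size_t *size) {
    if (len <= 0) return -1;
    *size = (size_t)len;
    return 0;
}

int main(void) {
    unsigned char src[4] = {1, 2, 3, 4}, dst[4];   /* constructed sample data */
    printf("shadowed=%zu fixed=%zu tail(4)=%zu alloc(-1)=%zu\n",
           tx_len_shadowed(src, 4, dst), tx_len_fixed(src, 4, dst),
           tail_len_unchecked(4), alloc_size_unchecked(-1));
    return 0;
}
```

Building with -Wshadow makes the compiler report the inner tx_len declaration in the first function.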