[Coverity CID: 434663] Out-of-bounds access in drivers/lora/rylrxxx.c

[zephyrbot]

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/b1def7145fd/drivers/lora/rylrxxx.c#L451

Category: Memory - corruptions
Function: rylr_send_async
Component: Drivers
CID: 434663

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/b1def7145fd/drivers/lora/rylrxxx.c#L451

445              LOG_ERR("async signal cannot be null");
446              err = -EINVAL;
447              goto bail;
448      }
449    
450      data->async_tx_signal = async;
>>>     CID 434663:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "data->cmd_buffer" of 256 bytes by passing it to a function which accesses it at byte offset 256 using argument "cmd_len + 1" (which evaluates to 257). [Note: The source code implementation of the function has been overridden by a builtin model.]
451      data->curr_cmd_len =
452              snprintf(data->cmd_buffer, cmd_len + 1, RYLR_CMD_SEND_FORMAT, payload_len, payload);
453      rylr_reset_dynamic_script(data);
454      data->dynamic_chat.request = data->cmd_buffer;
455      data->dynamic_chat.request_size = data->curr_cmd_len;
456    

For more information about the violation, check the Coverity Reference. (CWE-119)

Please fix or provide comments in coverity using the link:

https://scan9.scan.coverity.com/#/project-view/29271/12996?selectedIssue=434663

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the MAINTAINERS file.