Cursor Bugbot has reviewed your changes and found 4 potential issues.
examples/mqtt/main/app_main.c
Outdated
| }; | ||
| const esp_mqtt_client_config_t mqtt5_cfg = { | ||
| .broker = { | ||
| .address.uri = "mqtt://192.168.33.99:1884", |
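Review bot: the `.address.uri` value is a literal `mqtt://` URI, so the session to the broker is unencrypted and the endpoint is baked into the binary. If this is meant only for the local reproduction, say so in a comment beside it; otherwise read the URI from Kconfig and prefer an `mqtts://` endpoint where the broker offers one.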
Hardcoded private IP address in broker configuration
Medium Severity
The broker URI is hardcoded to a private IP address "mqtt://192.168.33.99:1884" which only works on the developer's local network. This example code won't function for anyone else and appears to be accidentally committed test configuration rather than using a configurable option like CONFIG_BROKER_URL.
| uint8_t count = esp_mqtt5_client_get_user_property_count(user_property); | ||
| if (count) { | ||
| esp_mqtt5_user_property_item_t *item = malloc(count * sizeof(esp_mqtt5_user_property_item_t)); | ||
| if (esp_mqtt5_client_get_user_property(user_property, item, &count) == ESP_OK) { |
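Review bot: `item` is allocated before the `if (... == ESP_OK)` test, so it has to be released on the failure path as well as inside the success branch; the lines shown only open the success branch. Put a single `free(item)` after the `if` block, and test `item` for NULL before passing it to `esp_mqtt5_client_get_user_property()`.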
Missing NULL check after malloc allocation
Medium Severity
The malloc call in print_user_property() doesn't check if the allocation succeeded before using the returned pointer. If malloc returns NULL due to memory exhaustion, passing it to esp_mqtt5_client_get_user_property() will cause undefined behavior or a crash.
| break; | ||
|
|
||
| case MQTT_EVENT_SUBSCRIBED: | ||
| ESP_LOGI(TAG, "MQTT_EVENT_SUBSCRIBED, msg_id=%d, reason code=0x%02x ", event->msg_id, (uint8_t)*event->data); |
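Review bot: in the `MQTT_EVENT_SUBSCRIBED` log line, `(uint8_t)*event->data` reads exactly one byte, which covers a single-topic subscribe but drops the rest when a SUBACK carries one reason code per topic filter. Guard the read with `event->data != NULL && event->data_len > 0`, loop up to `event->data_len` if several filters can be subscribed in one request, and drop the trailing space from the format string.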
Unsafe dereference of event->data without validation
Medium Severity
The MQTT_EVENT_SUBSCRIBED handler dereferences event->data to read the reason code without first verifying that event->data is non-NULL and event->data_len is greater than zero. If the event lacks data, this causes a null pointer dereference or reads invalid memory.
| }, | ||
| }; | ||
|
|
||
| esp_mqtt_client_handle_t client = esp_mqtt_client_init(&mqtt5_cfg); |
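Review bot: `client` is assigned from `esp_mqtt_client_init(&mqtt5_cfg)` and nothing in these lines tests it. Add `if (client == NULL)` with an `ESP_LOGE` and an early return directly after this line, before the handle reaches any other client call.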
Missing NULL check after MQTT client initialization
Medium Severity
The return value of esp_mqtt_client_init() is not checked for NULL before being used. If initialization fails (due to memory exhaustion or invalid configuration), the NULL handle is passed to esp_mqtt5_client_set_connect_property(), esp_mqtt_client_register_event(), and esp_mqtt_client_start(), causing crashes or undefined behavior.
Note
Introduces an MQTT v5-focused example and tooling to reproduce an issue scenario.
- app_main.cpp with app_main.c implementing an MQTT v5 client: subscribes to sensor/data, logs MQTT v5 user/message properties, and connects to mqtt://192.168.33.99:1884
- mqtt5_broker_stub.py minimal broker: replies to CONNECT/SUBSCRIBE and sends a crafted PUBLISH to trigger/reproduce behavior
- CMakeLists.txt to build app_main.c (with optional commented ASan flags)
- sdkconfig.defaults enabling CONFIG_MQTT_PROTOCOL_5

Written by Cursor Bugbot for commit 055bc40.