[esp_websocket_client] NULL pointer passed to memcpy in esp_websocket_client_send_with_exact_opcode (CWE-476) #1030

@adzy84

Answers checklist.

  • I have read the documentation for esp-protocols components and the issue is not addressed there.
  • I have updated my esp-protocols branch (master or release) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

General issue report

Component

Name: esp_websocket_client
Version: 1.6.1

Description

esp_websocket_client_send_fin() calls esp_websocket_client_send_with_exact_opcode(client, WS_TRANSPORT_OPCODES_FIN, NULL, 0, timeout).
The NULL guard at line ~662 permits data == NULL when len == 0, but the while (widx < len || opcode) loop at ~698 still executes when opcode != 0, reaching memcpy(client->tx_buffer, data + widx, need_write) with a NULL source pointer — UB per C11 §7.1.4.

Found by: Clang static analyzer (-Wanalyzer-null-argument)
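
A simplified model of the control flow the report describes, added here as an example; it is not the component's code and not the reporter's. The struct, `copy_chunk`, `send_model`, `fin_null_copies`, the buffer size, the opcode value, and the assumption that the opcode is cleared after the first pass are all hypothetical; the unguarded variant counts the NULL copy instead of performing it, and the hardened variant shows one possible guard.

```c
#include <stddef.h>
#include <string.h>

#define TX_BUF_SIZE 8          /* assumed small buffer so payloads are chunked */
#define MODEL_OPCODE_FIN 0x80  /* constructed nonzero opcode for this model */

struct model_client {          /* hypothetical stand-in, not the component's struct */
    char tx_buffer[TX_BUF_SIZE];
    int frames;                /* frames "sent" */
    int null_src_copies;       /* times the copy step was handed a NULL source */
};

/* Copy step. hardened=1 returns early for an empty chunk and never touches data. */
static void copy_chunk(struct model_client *c, const char *data, size_t widx,
                       size_t need_write, int hardened)
{
    if (hardened && need_write == 0)
        return;
    if (data == NULL) {        /* unguarded path: memcpy would receive NULL here */
        c->null_src_copies++;
        return;
    }
    memcpy(c->tx_buffer, data + widx, need_write);
}

static int send_model(struct model_client *c, int opcode, const char *data,
                      size_t len, int hardened)
{
    if (data == NULL && len > 0)
        return -1;             /* guard from the report: NULL allowed when len == 0 */
    size_t widx = 0;
    while (widx < len || opcode) {   /* loop condition quoted in the report */
        size_t need_write = len - widx;
        if (need_write > TX_BUF_SIZE)
            need_write = TX_BUF_SIZE;
        copy_chunk(c, data, widx, need_write, hardened);
        c->frames++;
        opcode = 0;            /* assumption: opcode forces only the first pass */
        widx += need_write;
    }
    return (int)widx;
}

/* NULL-source copies reached by a FIN-only send (data == NULL, len == 0). */
static int fin_null_copies(int hardened)
{
    struct model_client c = {0};
    send_model(&c, MODEL_OPCODE_FIN, NULL, 0, hardened);
    return c.frames == 1 ? c.null_src_copies : -1;
}
```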
