sccb-ng: fix off-by-one device capacity check to prevent overflow

RubenKelevra · RubenKelevra · commit 05decdbce71d · 2025-07-17T14:32:35.000+02:00
SCCB_Install_Device() rejected new devices only when device_count &gt; MAX_DEVICES.
When device_count == MAX_DEVICES the function still proceeded to install the
device and wrote to devices[device_count], i.e. devices[MAX_DEVICES], which is
one element past the end of the devices[] array (valid indices 0..MAX_DEVICES-1).

This off-by-one results in a buffer overflow / write outside the designated
memory area and then increments device_count to MAX_DEVICES+1.

Change the guard to `device_count &gt;= MAX_DEVICES` so we refuse installation once
the array is full and prevent the out-of-bounds write/read chain.
diff --git a/driver/sccb-ng.c b/driver/sccb-ng.c
@@ -80,7 +80,7 @@ int SCCB_Install_Device(uint8_t slv_addr)
     esp_err_t ret;
     i2c_master_bus_handle_t bus_handle;
 
-    if (device_count > MAX_DEVICES)
+    if (device_count >= MAX_DEVICES)
     {
         ESP_LOGE(TAG, "cannot add more than %d devices", MAX_DEVICES);
         return ESP_FAIL;

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ int SCCB_Install_Device(uint8_t slv_addr)`
`80`	`80`	`esp_err_t ret;`
`81`	`81`	`i2c_master_bus_handle_t bus_handle;`
`82`	`82`
`83`		`- if (device_count > MAX_DEVICES)`
	`83`	`+ if (device_count >= MAX_DEVICES)`
`84`	`84`	`{`
`85`	`85`	`ESP_LOGE(TAG, "cannot add more than %d devices", MAX_DEVICES);`
`86`	`86`	`return ESP_FAIL;`