From 8e0cabaeb775c70f6645d65e7241951e910ea97e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 15 Dec 2025 21:43:00 +0000
Subject: [PATCH] Add static_assert and use consistent %255s width specifier

- Add static_assert to ensure PX4_MAX_FILEPATH >= 256 at compile time
- Use %255s consistently for both sscanf calls to prevent overflow
- Add explanatory comments for the width specifier choice
- Addresses code review feedback about potential overflow on NuttX

Co-authored-by: dakejahl <37091262+dakejahl@users.noreply.github.com>
---
 src/modules/mavlink/mavlink_log_handler.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/modules/mavlink/mavlink_log_handler.cpp b/src/modules/mavlink/mavlink_log_handler.cpp
index e663dda8f0..78249824af 100644
--- a/src/modules/mavlink/mavlink_log_handler.cpp
+++ b/src/modules/mavlink/mavlink_log_handler.cpp
@@ -54,6 +54,10 @@ static const char *kLogDir = PX4_STORAGEDIR "/log";
 #define PX4_MAX_FILEPATH PATH_MAX
 #endif
 
+// Ensure PX4_MAX_FILEPATH is large enough for our buffer sizes
+// LogEntry.filepath is 256 bytes, so PX4_MAX_FILEPATH must be at least 256
+static_assert(PX4_MAX_FILEPATH >= 256, "PX4_MAX_FILEPATH must be at least 256 bytes for log file paths");
+
 MavlinkLogHandler::MavlinkLogHandler(Mavlink &mavlink)
 : _mavlink(mavlink)
 {}
@@ -174,7 +178,9 @@ void MavlinkLogHandler::state_listing()
 char filepath[PX4_MAX_FILEPATH];
 
 // If parsed lined successfully, send the entry
- if (sscanf(line, "%" PRIu32 " %" PRIu32 " %1023s", &time_utc, &size_bytes, filepath) != 3) {
+ // Note: Using %255s to safely read into filepath buffer (max 255 chars + null terminator)
+ // This is conservative but safe across all platforms regardless of PX4_MAX_FILEPATH value
+ if (sscanf(line, "%" PRIu32 " %" PRIu32 " %255s", &time_utc, &size_bytes, filepath) != 3) {
 PX4_DEBUG("sscanf failed");
 continue;
 }
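Review bot: The new `static_assert` compares `PX4_MAX_FILEPATH` with a literal 256 that the comment says mirrors `LogEntry.filepath`, so the assertion keeps passing if that member is ever resized and the two sizes drift apart. If the `LogEntry` declaration is visible at this point (it is not shown in the hunk), tying the check to the real size would close that gap: `static_assert(PX4_MAX_FILEPATH >= sizeof(LogEntry::filepath), "PX4_MAX_FILEPATH must hold a LogEntry path");`. The `%255s` width in the second hunk depends on the same number, so a single named constant shared by the member, the assertion and the format string would keep all three in step.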
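Review bot: A path longer than 255 characters is now silently cut off by `%255s` while `sscanf` still returns 3, so the entry is processed with a shortened path instead of being rejected. Detecting that case right after the call would avoid acting on a path that does not match the log index, for example `if (strlen(filepath) == 255) { PX4_DEBUG("log path truncated"); continue; }`. The commit message refers to both sscanf calls, but only this one appears in the diff, so the other call should be confirmed to use the same width. The body of state_listing() begins and ends outside the hunk.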