When a data overrun occurs because the MQTT OTA data buffer is full before its content can be processed by update() then we transition to OTAState::Error and set OTAError::ReceivedDataOverrun

aentinger · aentinger · commit 6a8b5975059d · 2020-05-05T06:37:56.000+02:00
diff --git a/extras/test/src/test_OTALogic.cpp b/extras/test/src/test_OTALogic.cpp
@@ -49,7 +49,7 @@ void simulateOTABinaryReception(OTALogic & ota_logic, OTAData const & ota_test_d
    TEST CODE
  **************************************************************************************/
 
-TEST_CASE("OTAStorage initialisation fails ", "[OTAStorage::init() -> returns false]")
+TEST_CASE("OTAStorage initialisation fails", "[OTAStorage::init() -> returns false]")
 {
   Mock<OTAStorage> ota_storage;
 
@@ -81,7 +81,7 @@ TEST_CASE("OTAStorage initialisation fails ", "[OTAStorage::init() -> returns fa
 
 /**************************************************************************************/
 
-TEST_CASE("OTAStorage opening of storage file fails ", "[OTAStorage::open() -> returns false]")
+TEST_CASE("OTAStorage opening of storage file fails", "[OTAStorage::open() -> returns false]")
 {
   Mock<OTAStorage> ota_storage;
 
@@ -117,7 +117,7 @@ TEST_CASE("OTAStorage opening of storage file fails ", "[OTAStorage::open() -> r
 
 /**************************************************************************************/
 
-TEST_CASE("OTAStorage writing to storage file fails ", "[OTAStorage::write() -> fails]")
+TEST_CASE("OTAStorage writing to storage file fails", "[OTAStorage::write() -> fails]")
 {
   Mock<OTAStorage> ota_storage;
 
@@ -152,6 +152,42 @@ TEST_CASE("OTAStorage writing to storage file fails ", "[OTAStorage::write() ->
 
 /**************************************************************************************/
 
+TEST_CASE("Data overrun due to receiving too much data", "[OTALogic - Data Overrun]")
+{
+  Mock<OTAStorage> ota_storage;
+
+  /* Configure mock object */
+  When(Method(ota_storage, init)).Return(true);
+  When(Method(ota_storage, open)).Return(true);
+  When(Method(ota_storage, write)).AlwaysDo([](uint8_t const * const /* buf */, size_t const num_bytes) -> size_t { return num_bytes; });
+  Fake(Method(ota_storage, close));
+  Fake(Method(ota_storage, remove));
+  Fake(Method(ota_storage, deinit));
+
+
+  /* Perform test */
+  OTALogic ota_logic(ota_storage.get());
+
+  WHEN("Too much data is received before OTALogic::update() is called again to process the incoming data")
+  {
+    uint8_t const SOME_FAKE_DATA[MQTT_OTA_BUF_SIZE] = {0};
+    ota_logic.onOTADataReceived(SOME_FAKE_DATA, MQTT_OTA_BUF_SIZE);
+    ota_logic.onOTADataReceived(SOME_FAKE_DATA, MQTT_OTA_BUF_SIZE);
+    ota_logic.update();
+
+    THEN("The OTA logic should be in the 'Error' state")
+    {
+      REQUIRE(ota_logic.state()  == OTAState::Error);
+    }
+    THEN("The OTA error should be set to OTAError::ReceivedDataOverrun")
+    {
+      REQUIRE(ota_logic.error() == OTAError::ReceivedDataOverrun);
+    }
+  }
+}
+
+/**************************************************************************************/
+
 TEST_CASE("Valid OTA data is received ", "[OTALogic]")
 {
   Mock<OTAStorage> ota_storage;
diff --git a/src/utility/ota/OTALogic.cpp b/src/utility/ota/OTALogic.cpp
@@ -85,9 +85,16 @@ OTAError OTALogic::update()
 void OTALogic::onOTADataReceived(uint8_t const * const data, size_t const length)
 {
   size_t const bytes_available = (MQTT_OTA_BUF_SIZE - _mqtt_ota_buf.num_bytes);
-  size_t const bytes_to_copy = min(bytes_available, length);
-  memcpy(_mqtt_ota_buf.buf + _mqtt_ota_buf.num_bytes, data, bytes_to_copy);
-  _mqtt_ota_buf.num_bytes += bytes_to_copy;
+  if(length <= bytes_available)
+  {
+    memcpy(_mqtt_ota_buf.buf + _mqtt_ota_buf.num_bytes, data, length);
+    _mqtt_ota_buf.num_bytes += length;
+  }
+  else
+  {
+    _ota_state = OTAState::Error;
+    _ota_error = OTAError::ReceivedDataOverrun;
+  }
 }
 
 /******************************************************************************
diff --git a/src/utility/ota/OTALogic.h b/src/utility/ota/OTALogic.h
@@ -43,11 +43,12 @@ enum class OTAState
 
 enum class OTAError : int
 {
-  None               = 0,
-  StorageInitFailed  = 1,
-  StorageOpenFailed  = 2,
-  StorageWriteFailed = 3,
-  ChecksumMismatch   = 4
+  None                = 0,
+  StorageInitFailed   = 1,
+  StorageOpenFailed   = 2,
+  StorageWriteFailed  = 3,
+  ChecksumMismatch    = 4,
+  ReceivedDataOverrun = 5
 };
 
 /******************************************************************************
