From 427903f6b68d29bbea7921d4cd0cd97a01558abc Mon Sep 17 00:00:00 2001
From: Damian Krolik
Date: Wed, 6 Mar 2024 13:11:04 +0100
Subject: [PATCH] [nrf noup] Do not crash if CommandHandler fails to allocate packet

CommandHandler uses VerifyOrDie when adding a status to be sent to the requestor. If the device runs out packet buffers and CommandHandler fails to allocate a packet for the status, the device crashes. Triggering the crash requires many commands to arrive in the device around the same time, which is probably rare but possible.

Signed-off-by: Damian Krolik
---
 src/app/CommandHandler.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/app/CommandHandler.cpp b/src/app/CommandHandler.cpp
index 8fd13bab72..127e8f5a84 100644
--- a/src/app/CommandHandler.cpp
+++ b/src/app/CommandHandler.cpp
@@ -467,7 +467,17 @@ void CommandHandler::AddStatus(const ConcreteCommandPath & aCommandPath, const P
 {
 // Return prematurely in case of requests targeted to a group that should not add the status for response purposes.
 VerifyOrReturn(!IsGroupRequest());
- VerifyOrDie(FallibleAddStatus(aCommandPath, aStatus, context) == CHIP_NO_ERROR);
+
+ CHIP_ERROR error = FallibleAddStatus(aCommandPath, aStatus, context);
+
+ if (error != CHIP_NO_ERROR)
+ {
+ ChipLogError(DataManagement, "Failed to add command status: %" CHIP_ERROR_FORMAT, error.Format());
+
+ // Do not crash if the status has not been added due to running out of packet buffers or other resources.
+ // It is better to drop a single response than to go offline and lose all sessions and subscriptions.
+ VerifyOrDie(error == CHIP_ERROR_NO_MEMORY);
+ }
 }
 
 CHIP_ERROR CommandHandler::FallibleAddStatus(const ConcreteCommandPath & path, const Protocols::InteractionModel::Status status,
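Review bot: The remaining `VerifyOrDie(error == CHIP_ERROR_NO_MEMORY);` still aborts the device on every other failure from FallibleAddStatus, although the comment above it promises tolerance for "packet buffers or other resources". FallibleAddStatus is defined outside this hunk, so it is not visible which other codes it can return; if any of them can be provoked by the traffic a peer sends, the reboot the commit message describes stays reachable. Either return after logging for all errors, or narrow the comment to what the code does, e.g. `// Only CHIP_ERROR_NO_MEMORY is tolerated; any other failure is treated as a programming error and aborts.` Because AddStatus returns void (its signature appears only in the hunk header), a dropped status is visible only in the log line, so the requestor presumably learns of it through its own timeout. A drop counter or event would let operators notice sustained buffer exhaustion.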