From cb96904a5c059d8d6a6dbc0843e9219e39221052 Mon Sep 17 00:00:00 2001 From: MichaelDvP Date: Fri, 13 Mar 2026 10:15:00 +0100 Subject: [PATCH] fix custom brand use after free of c_str() in json. --- src/core/emsdevice.cpp | 14 +++++++------- src/core/emsdevice.h | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/core/emsdevice.cpp b/src/core/emsdevice.cpp index 4296e599c..20d338584 100644 --- a/src/core/emsdevice.cpp +++ b/src/core/emsdevice.cpp @@ -104,9 +104,9 @@ const char * EMSdevice::uom_to_string(uint8_t uom) { } } -const char * EMSdevice::brand_to_char() { +std::string EMSdevice::brand_to_char() { if (!custom_brand().empty()) { - return custom_brand().c_str(); + return custom_brand(); } switch (brand_) { case EMSdevice::Brand::BOSCH: @@ -331,15 +331,15 @@ uint8_t EMSdevice::decode_brand(uint8_t value) { std::string EMSdevice::to_string() { // for devices that haven't been lookup yet, don't show all details if (product_id_ == 0) { - return std::string(name()) + " (DeviceID:" + Helpers::hextoa(device_id_) + ")"; + return name() + " (DeviceID:" + Helpers::hextoa(device_id_) + ")"; } if (brand_ == Brand::NO_BRAND && custom_brand().empty()) { - return std::string(name()) + " (DeviceID:" + Helpers::hextoa(device_id_) + ", ProductID:" + Helpers::itoa(product_id_) + ", Version:" + version_ + ")"; + return name() + " (DeviceID:" + Helpers::hextoa(device_id_) + ", ProductID:" + Helpers::itoa(product_id_) + ", Version:" + version_ + ")"; } - return std::string(brand_to_char()) + " " + name() + " (DeviceID:" + Helpers::hextoa(device_id_) + ", ProductID:" + Helpers::itoa(product_id_) - + ", Version:" + version_ + ")"; + return brand_to_char() + " " + name() + " (DeviceID:" + Helpers::hextoa(device_id_) + ", ProductID:" + Helpers::itoa(product_id_) + ", Version:" + version_ + + ")"; } // returns string of EMS device version and productID @@ -2160,7 +2160,7 @@ void EMSdevice::mqtt_ha_entity_config_create() { if (!dv.has_state(DeviceValueState::DV_HA_CONFIG_CREATED) && dv.has_state(DeviceValueState::DV_ACTIVE) && !dv.has_state(DeviceValueState::DV_API_MQTT_EXCLUDE)) { // create_device_config is only done once for the EMS device. It can added to any entity, so we take the first - if (Mqtt::publish_ha_sensor_config_dv(dv, name().c_str(), std::string(brand_to_char()).c_str(), to_string_version().c_str(), false, create_device_config)) { + if (Mqtt::publish_ha_sensor_config_dv(dv, name().c_str(), brand_to_char().c_str(), to_string_version().c_str(), false, create_device_config)) { dv.add_state(DeviceValueState::DV_HA_CONFIG_CREATED); create_device_config = false; // only create the main config once count++; diff --git a/src/core/emsdevice.h b/src/core/emsdevice.h index 555f9d738..eb7e9c2a9 100644 --- a/src/core/emsdevice.h +++ b/src/core/emsdevice.h @@ -63,7 +63,7 @@ class EMSdevice { const char * device_type_2_device_name_translated(); // returns translated device type name bool has_tags(const int8_t tag) const; bool has_cmd(const char * cmd, const int8_t id) const; - const char * brand_to_char(); + std::string brand_to_char(); std::string to_string(); std::string to_string_short(); std::string to_string_version();