Skip to content

Fix nRF firmware minor findings and config-read chunk cap (MJ-14)#4

Open
balloob wants to merge 1 commit into
OpenDisplay:mainfrom
balloob:fix/nrf-minors-and-config-read-cap
Open

Fix nRF firmware minor findings and config-read chunk cap (MJ-14)#4
balloob wants to merge 1 commit into
OpenDisplay:mainfrom
balloob:fix/nrf-minors-and-config-read-cap

Conversation

@balloob

@balloob balloob commented Jul 6, 2026

Copy link
Copy Markdown

Batch of small nRF firmware fixes, matching the Silabs firmware where a companion behavior exists.

  • MJ-14: config-read chunk cap now derived from MAX_CONFIG_SIZE. handle_read_config capped reads at a magic 10 chunks. MAX_CONFIG_SIZE is 512, so the old cap (~958 B usable) already covered a full config, but the magic number was fragile. The cap is now computed as ceil(MAX_CONFIG_SIZE / (MAX_RESPONSE_DATA_SIZE - 6)), guaranteeing a full config is always readable and staying correct if either constant changes. The client already loops until it has total bytes.
  • Chunked-config total_size sanity check. The chunked-config first packet now NACKs an invalid total_size (== 0 or > MAX_CONFIG_SIZE), mirroring the Silabs firmware (opendisplay_pipe.c). Previously a bogus huge size just never completed (bounded elsewhere, non-exploitable, but now fails fast).
  • enc_buf sized to MAX_ENCRYPTED_PACKET_SIZE (542). send_response's enc_buf was [512] while the declared max encrypted packet is 542, a latent overflow if a max-size encrypted response were ever produced. Now sized to the constant.
  • END refresh-mode byte documented (skipped). Silabs honors the direct-write END refresh-mode byte (payload[0]==1 -> fast). The nRF EPD driver exposes only a single full-refresh entry point (epd_driver_t.refresh takes no mode argument; SSD16xx_Refresh/UC81xx_Refresh always do a full refresh with no fast LUT), so this can't be honored without a driver API change. Added a clear comment rather than faking it.

Note: MJ-14 also needs the companion config-read cap raise in the Silabs and Arduino firmwares.

Build: no arm-none-eabi-gcc/SDK available in this environment; changes host syntax-checked and the cap/size arithmetic verified (enc_buf 542 B; derived cap covers 512 B).

🤖 Generated with Claude Code

https://claude.ai/code/session_012g2e8mr132vcizx92WsgiR

- MJ-14: derive the config-read chunk cap from MAX_CONFIG_SIZE instead of a
  magic 10, so a full config is always readable and the cap stays correct if
  the constants change.
- Add the total_size sanity check (0 / > MAX_CONFIG_SIZE) NACK on the
  chunked-config first packet, mirroring the Silabs firmware.
- Size enc_buf to MAX_ENCRYPTED_PACKET_SIZE (542) instead of 512 to remove a
  latent overflow if a max-size encrypted response is ever produced.
- Document why the direct-write END refresh-mode byte is not honored on nRF
  (driver exposes only a single full-refresh entry point).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_012g2e8mr132vcizx92WsgiR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant