From 3b0bb1144513cd41f84cd462f85292fed2f5e9de Mon Sep 17 00:00:00 2001
From: Hayden Riddiford
Date: Thu, 16 Oct 2025 13:01:13 -0700
Subject: [PATCH] - Fixed undefined behavior with calling memcpy on nullptr - Fixed memory leak in aflib
---
 af_command.c | 4 +++-
 af_lib.c | 16 +++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/af_command.c b/af_command.c
index 6bf5f6c..9857c98 100644
--- a/af_command.c
+++ b/af_command.c
@@ -187,7 +187,9 @@ uint16_t af_command_get_value_len(af_command_t *af_command) {
 }
 void af_command_get_value(af_command_t *af_command, uint8_t *value) {
- memcpy(value, af_command->value, af_command->value_len);
+ if(af_command->value_len > 0) {
+ memcpy(value, af_command->value, af_command->value_len);
+ }
 }
 const uint8_t *af_command_get_value_pointer(af_command_t *af_command) {
diff --git a/af_lib.c b/af_lib.c
index 74b6676..5154f6c 100644
--- a/af_lib.c
+++ b/af_lib.c
@@ -250,6 +250,19 @@ static int queue_get(af_lib_t *af_lib, uint8_t *message_type, uint8_t *request_i
 return AF_ERROR_QUEUE_UNDERFLOW;
 }
+/**
+ * queue_free
+ *
+ * Empty queue and free any allocated memory associated with it
+ */
+static void queue_free() {
+ while (AF_QUEUE_PEEK_FROM_INTERRUPT(&s_request_queue)) {
+ request_t *p_event = (request_t *)AF_QUEUE_GET_FROM_INTERRUPT(&s_request_queue);
+ af_free(p_event->value);
+ AF_QUEUE_ELEM_FREE_FROM_INTERRUPT(&s_request_queue, p_event);
+ }
+}
+
 static void dump_queue_element(void* elem) {
 uint16_t i = 0;
 request_t *p_event = (request_t*)elem;
@@ -1002,6 +1015,7 @@ af_lib_t* af_lib_create(attr_set_handler_t attr_set, attr_notify_handler_t attr_
 }
 void af_lib_destroy(af_lib_t* af_lib) {
+ queue_free();
 af_status_command_cleanup(&af_lib->tx_status);
 af_status_command_cleanup(&af_lib->rx_status);
 free(af_lib->asr_capability);
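Review bot: The new `value_len > 0` guard in `af_command_get_value` avoids the zero-length memcpy, but the function still writes `value_len` bytes into `value` with no bound supplied by the caller, so the requirement that `value` holds at least `af_command_get_value_len()` bytes stays implicit; a comment above the definition would make it explicit: `/* Copies value_len bytes into value; the caller's buffer must be at least af_command_get_value_len() bytes. No-op when the value is empty. */`. The added `if(` also drops the space after the keyword that the `while (` in af_lib.c uses; `if (af_command->value_len > 0) {` keeps the two files consistent.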
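Review bot: `static void queue_free()` declares a function with an unspecified parameter list rather than one that takes no arguments; in C the definition should read `static void queue_free(void) {` so the compiler rejects a stray argument. The loop drains the file-scope `s_request_queue` through the `*_FROM_INTERRUPT` macro variants, which, if they are the unlocked flavour the name suggests, is only safe once no other context can still be servicing the queue; that precondition belongs in the header comment, e.g. `Must only be called once af_lib_loop() is no longer being driven.` Whether `af_free` tolerates a NULL `value` for zero-length requests is not visible here; if it does not, `af_free(p_event->value);` needs a guard.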
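Review bot: The `queue_free();` added to `af_lib_destroy` empties the file-scope `s_request_queue`, not state owned by the `af_lib` instance being destroyed, so if more than one `af_lib_t` can exist at a time, destroying one would discard the pending requests of the others. If the library is single-instance by design, a one-line comment on the call records that assumption: `// drains the shared s_request_queue (library is single-instance)`. The rest of `af_lib_destroy` continues outside the hunk.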
@@ -1054,7 +1068,7 @@ void af_lib_loop(af_lib_t *af_lib) {
 * loop() for the operation to complete.
 */
 af_lib_error_t af_lib_get_attribute(af_lib_t *af_lib, const uint16_t attr_id) {
- uint8_t dummy; // This value isn't actually used.
+ uint8_t dummy = 0; // This value isn't actually used.
 af_lib->request_id++;
 return queue_put(af_lib, MSG_TYPE_GET, af_lib->request_id, attr_id, 0, &dummy, 0, 0);
 }
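Review bot: Initialising `dummy` removes the indeterminate-value read, but the retained comment `// This value isn't actually used.` no longer explains why the variable exists; `// queue_put takes a value pointer even for a 0-byte payload; zeroed so nothing indeterminate is ever read.` says it, assuming queue_put does require a non-NULL pointer (its body is not visible here). If queue_put accepts NULL for a zero-length value, passing `NULL` and dropping `dummy` altogether would be simpler than keeping a placeholder byte.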