MQTT Decoding of remaining length
Submitted by Alexander Kaiser
Link to original bug (#546045)
Description
While using the MQTT ProtocolModule for sending and receiving large payloads, I discovered a bug in the decoding of the remaining length field. The decoding works perfectly fine for remaining lengths encoded as 1, 2 and 3 bytes, but fails for 4 bytes. I was able to pinpoint the reason in negative_testing/MQTT_v3_1_1_EncDec.cc.
However, this bug seems to originate from the MQTT v3.1.1 specification itself and is already fixed in the MQTT v5 specification.
Compare: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718023 and http://docs.oasis-open.org/mqtt/mqtt/v5.0/csprd01/mqtt-v5.0-csprd01.html#_Toc489530042
I couldn't find any bug report against the specification so far. But Mosquitto, for example, already solves the problem with a simple counter (https://github.com/eclipse/mosquitto/blob/master/lib/packet_mosq.c).
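
An added example, not part of the original report and not the module's or Mosquitto's own code: a C decoder for the Remaining Length field that bounds the loop with a byte counter, beside a constructed variant that tests the multiplier limit after scaling it. That ordering is assumed here to be the one behind the 4-byte failure; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counter-bounded decode: at most 4 bytes, 7 data bits each, bit 7 = "more".
 * Returns bytes consumed, 0 if the buffer ends mid-field (read more),
 * -1 if the 4th byte still has the continuation bit set (malformed). */
int decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, multiplier = 1;
    for (size_t count = 0; count < 4; count++) {
        if (count == len)
            return 0;
        uint8_t b = buf[count];
        value += (uint32_t)(b & 0x7F) * multiplier;
        if ((b & 0x80) == 0) {
            *out = value;
            return (int)count + 1;
        }
        multiplier *= 128;
    }
    return -1;
}

/* Constructed contrast (assumed ordering): the limit is tested after the
 * multiplier is scaled, so a legitimate 4th byte pushes it to 128^4 and
 * the field is rejected even though its value is in range. */
int decode_check_after_scaling(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, multiplier = 1;
    size_t i = 0;
    uint8_t b;
    do {
        if (i == len)
            return 0;
        b = buf[i++];
        value += (uint32_t)(b & 0x7F) * multiplier;
        multiplier *= 128;
        if (multiplier > 128u * 128u * 128u)
            return -1;
    } while (b & 0x80);
    *out = value;
    return (int)i;
}

int main(void)
{
    const uint8_t max4[] = {0xFF, 0xFF, 0xFF, 0x7F}; /* constructed: 268435455 */
    uint32_t v = 0;
    printf("counter: %d\n", decode_remaining_length(max4, sizeof max4, &v));
    printf("check-after-scaling: %d\n", decode_check_after_scaling(max4, sizeof max4, &v));
    return 0;
}
```

The counter version also rejects a five-byte field outright, so an oversized length prefix never reaches buffer allocation.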