From 6a3c66eafa8b0cffc85b0a092af901b3669a48c2 Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Fri, 4 Sep 2020 18:26:09 +0200
Subject: [PATCH] - fixed bug in MmsConnection_readMultipleVariables: send invaid messsage and memory access errors when too many items are passed to the function exhausting MMS payload size
---
 src/mms/iso_mms/client/mms_client_connection.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/mms/iso_mms/client/mms_client_connection.c b/src/mms/iso_mms/client/mms_client_connection.c
index 698b8f71..e5d0d5e0 100644
--- a/src/mms/iso_mms/client/mms_client_connection.c
+++ b/src/mms/iso_mms/client/mms_client_connection.c
@@ -2447,15 +2447,19 @@ MmsConnection_readMultipleVariablesAsync(MmsConnection self, MmsError* mmsError,
 invokeId = getNextInvokeId(self);
- mmsClient_createReadRequestMultipleValues(invokeId, domainId, items, payload);
-
- MmsClientInternalParameter intParam;
- intParam.ptr = NULL;
+ if (mmsClient_createReadRequestMultipleValues(invokeId, domainId, items, payload) > 0) {
+ MmsClientInternalParameter intParam;
+ intParam.ptr = NULL;
- MmsError err = sendAsyncRequest(self, invokeId, payload, MMS_CALL_TYPE_READ_MULTIPLE_VARIABLES, handler, parameter, intParam);
+ MmsError err = sendAsyncRequest(self, invokeId, payload, MMS_CALL_TYPE_READ_MULTIPLE_VARIABLES, handler, parameter, intParam);
- if (mmsError)
- *mmsError = err;
+ if (mmsError)
+ *mmsError = err;
+ }
+ else {
+ if (mmsError)
+ *mmsError = MMS_ERROR_RESOURCE_CAPABILITY_UNAVAILABLE;
+ }
 exit_function:
 return invokeId;
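Review bot: The new `else` branch reports the oversized request only through `*mmsError`, and then falls through to `exit_function` and returns the `invokeId` it just took from `getNextInvokeId(self)`. A caller that passes `mmsError == NULL` therefore gets an id for a request that was never sent and cannot tell that it failed. The branch also does nothing with `payload`, which is obtained outside the hunk; if that is a transmit buffer which `sendAsyncRequest` normally hands back, the failure path should release it before returning, which is worth confirming against the start of the function. I would at least document the contract at the branch, e.g. `/* request does not fit into the MMS payload: nothing was sent, invokeId is unused */`, and state in the function's header comment that the returned id is only meaningful when `*mmsError` is `MMS_ERROR_NONE`. The function body starts and ends outside this hunk, and the `> 0` test depends on the return contract of `mmsClient_createReadRequestMultipleValues`, which is not visible here.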