Address review comments

Author: pidarped

src/ble/tests/TestBtpEngine.cpp

@@ -65,7 +65,7 @@ TEST_F(TestBtpEngine, HandleCharacteristicReceivedOnePacket)
     };
 
     auto packet0 = System::PacketBufferHandle::NewWithData(packetData0, sizeof(packetData0));
-    EXPECT_EQ(packet0->DataLength(), 5);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(5));
 
     SequenceNumber_t receivedAck;
     bool didReceiveAck;
@@ -79,15 +79,15 @@ TEST_F(TestBtpEngine, HandleCharacteristicReceivedTwoPacket)
     constexpr uint8_t packetData1[] = { to_underlying(BtpEngine::HeaderFlags::kEndMessage), 0x02, 0xff };
 
     auto packet0 = System::PacketBufferHandle::NewWithData(packetData0, sizeof(packetData0));
-    EXPECT_EQ(packet0->DataLength(), 5);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(5));
 
     SequenceNumber_t receivedAck;
     bool didReceiveAck;
     EXPECT_EQ(mBtpEngine.HandleCharacteristicReceived(std::move(packet0), receivedAck, didReceiveAck), CHIP_NO_ERROR);
     EXPECT_EQ(mBtpEngine.RxState(), BtpEngine::kState_InProgress);
 
     auto packet1 = System::PacketBufferHandle::NewWithData(packetData1, sizeof(packetData1));
-    EXPECT_EQ(packet1->DataLength(), 3);
+    EXPECT_EQ(packet1->DataLength(), static_cast<size_t>(3));
 
     EXPECT_EQ(mBtpEngine.HandleCharacteristicReceived(std::move(packet1), receivedAck, didReceiveAck), CHIP_NO_ERROR);
     EXPECT_EQ(mBtpEngine.RxState(), BtpEngine::kState_Complete);
@@ -100,21 +100,21 @@ TEST_F(TestBtpEngine, HandleCharacteristicReceivedThreePacket)
     constexpr uint8_t packetData2[] = { to_underlying(BtpEngine::HeaderFlags::kEndMessage), 0x03, 0xff };
 
     auto packet0 = System::PacketBufferHandle::NewWithData(packetData0, sizeof(packetData0));
-    EXPECT_EQ(packet0->DataLength(), 5);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(5));
 
     SequenceNumber_t receivedAck;
     bool didReceiveAck;
     EXPECT_EQ(mBtpEngine.HandleCharacteristicReceived(std::move(packet0), receivedAck, didReceiveAck), CHIP_NO_ERROR);
     EXPECT_EQ(mBtpEngine.RxState(), BtpEngine::kState_InProgress);
 
     auto packet1 = System::PacketBufferHandle::NewWithData(packetData1, sizeof(packetData1));
-    EXPECT_EQ(packet1->DataLength(), 3);
+    EXPECT_EQ(packet1->DataLength(), static_cast<size_t>(3));
 
     EXPECT_EQ(mBtpEngine.HandleCharacteristicReceived(std::move(packet1), receivedAck, didReceiveAck), CHIP_NO_ERROR);
     EXPECT_EQ(mBtpEngine.RxState(), BtpEngine::kState_InProgress);
 
     auto packet2 = System::PacketBufferHandle::NewWithData(packetData2, sizeof(packetData2));
-    EXPECT_EQ(packet2->DataLength(), 3);
+    EXPECT_EQ(packet2->DataLength(), static_cast<size_t>(3));
 
     EXPECT_EQ(mBtpEngine.HandleCharacteristicReceived(std::move(packet2), receivedAck, didReceiveAck), CHIP_NO_ERROR);
     EXPECT_EQ(mBtpEngine.RxState(), BtpEngine::kState_Complete);
@@ -131,7 +131,7 @@ TEST_F(TestBtpEngine, HandleCharacteristicSendOnePacket)
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(packet0.Retain(), false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_Complete);
-    EXPECT_EQ(packet0->DataLength(), 5);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(5));
 }
 
 TEST_F(TestBtpEngine, HandleCharacteristicSendTwoPacket)
@@ -145,11 +145,11 @@ TEST_F(TestBtpEngine, HandleCharacteristicSendTwoPacket)
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(packet0.Retain(), false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_InProgress);
-    EXPECT_EQ(packet0->DataLength(), 20);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(20));
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(nullptr, false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_Complete);
-    EXPECT_EQ(packet0->DataLength(), 16);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(16));
 }
 
 // Send 40-byte payload.
@@ -167,15 +167,15 @@ TEST_F(TestBtpEngine, HandleCharacteristicSendThreePacket)
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(packet0.Retain(), false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_InProgress);
-    EXPECT_EQ(packet0->DataLength(), 20);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(20));
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(nullptr, false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_InProgress);
-    EXPECT_EQ(packet0->DataLength(), 20);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(20));
 
     EXPECT_TRUE(mBtpEngine.HandleCharacteristicSend(nullptr, false));
     EXPECT_EQ(mBtpEngine.TxState(), BtpEngine::kState_Complete);
-    EXPECT_EQ(packet0->DataLength(), 8);
+    EXPECT_EQ(packet0->DataLength(), static_cast<size_t>(8));
 }
 
 } // namespace

src/inet/TCPEndPointImplLwIP.cpp

@@ -508,7 +508,7 @@ CHIP_ERROR TCPEndPointImplLwIP::AckReceive(size_t len)
     VerifyOrReturnError(IsConnected(), CHIP_ERROR_INCORRECT_STATE);
     CHIP_ERROR res = CHIP_NO_ERROR;
 
-    VerifyOrReturnError(len < UINT16_MAX, CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrReturnError(len <= UINT16_MAX, CHIP_ERROR_INVALID_ARGUMENT);
 
     // Lock LwIP stack
     LOCK_TCPIP_CORE();

src/inet/TCPEndPointImplSockets.cpp

@@ -483,7 +483,7 @@ CHIP_ERROR TCPEndPointImplSockets::DriveSendingImpl()
 
     while (!mSendQueue.IsNull())
     {
-        uint32_t bufLen = static_cast<uint32_t>(mSendQueue->DataLength());
+        size_t bufLen = mSendQueue->DataLength();
 
         ssize_t lenSentRaw = send(mSocket, mSendQueue->Start(), bufLen, sendFlags);
 
@@ -496,14 +496,14 @@ CHIP_ERROR TCPEndPointImplSockets::DriveSendingImpl()
             break;
         }
 
-        if (lenSentRaw < 0 || bufLen < static_cast<uint32_t>(lenSentRaw))
+        if (lenSentRaw < 0 || bufLen < static_cast<size_t>(lenSentRaw))
         {
             err = CHIP_ERROR_INCORRECT_STATE;
             break;
         }
 
         // Cast is safe because bufLen is uint32_t.
-        uint32_t lenSent = static_cast<uint32_t>(lenSentRaw);
+        size_t lenSent = static_cast<size_t>(lenSentRaw);
 
         // Mark the connection as being active.
         MarkActive();

src/inet/UDPEndPointImplOpenThread.cpp

@@ -225,7 +225,7 @@ CHIP_ERROR UDPEndPointImplOT::SendMsgImpl(const IPPacketInfo * aPktInfo, System:
     otMessageInfo messageInfo;
 
     // For now the entire message must fit within a single buffer.
-    VerifyOrReturnError(!msg->HasChainedBuffer(), CHIP_ERROR_MESSAGE_TOO_LONG);
+    VerifyOrReturnError(!msg->HasChainedBuffer() && msg->DataLength() <= UINT16_MAX, CHIP_ERROR_MESSAGE_TOO_LONG);
 
     memset(&messageInfo, 0, sizeof(messageInfo));
 

src/inet/UDPEndPointImplSockets.cpp

@@ -610,7 +610,7 @@ void UDPEndPointImplSockets::HandlePendingIO(System::SocketEvents events)
 
         ssize_t rcvLen = recvmsg(mSocket, &msgHeader, MSG_DONTWAIT);
 
-        if (rcvLen < 0)
+        if (rcvLen == -1)
         {
             lStatus = CHIP_ERROR_POSIX(errno);
         }

src/lib/core/tests/TestTLV.cpp

@@ -272,12 +272,12 @@ void TestDupBytes(nlTestSuite * inSuite, TLVReader & reader, Tag tag, const uint
 }
 
 void TestBufferContents(nlTestSuite * inSuite, const System::PacketBufferHandle & buffer, const uint8_t * expectedVal,
-                        uint32_t expectedLen)
+                        size_t expectedLen)
 {
     System::PacketBufferHandle buf = buffer.Retain();
     while (!buf.IsNull())
     {
-        uint32_t len = static_cast<uint32_t>(buf->DataLength());
+        size_t len = buf->DataLength();
         NL_TEST_ASSERT(inSuite, len <= expectedLen);
 
         NL_TEST_ASSERT(inSuite, memcmp(buf->Start(), expectedVal, len) == 0);

src/messaging/tests/echo/echo_requester.cpp

@@ -183,7 +183,7 @@ void HandleEchoResponseReceived(chip::Messaging::ExchangeContext * ec, chip::Sys
 
     gEchoRespCount++;
 
-    printf("Echo Response: %" PRIu64 "/%" PRIu64 "(%.2f%%) len=%u time=%.3fs\n", gEchoRespCount, gEchoCount,
+    printf("Echo Response: %" PRIu64 "/%" PRIu64 "(%.2f%%) len=%" PRIu32 "time=%.3fs\n", gEchoRespCount, gEchoCount,
            static_cast<double>(gEchoRespCount) * 100 / static_cast<double>(gEchoCount),
            static_cast<uint32_t>(payload->DataLength()),
            static_cast<double>(chip::System::Clock::Milliseconds32(transitTime).count()) / 1000);

src/messaging/tests/echo/echo_responder.cpp

@@ -49,7 +49,7 @@ chip::SessionHolder gSession;
 // Callback handler when a CHIP EchoRequest is received.
 void HandleEchoRequestReceived(chip::Messaging::ExchangeContext * ec, chip::System::PacketBufferHandle && payload)
 {
-    printf("Echo Request, len=%u ... sending response.\n", static_cast<uint32_t>(payload->DataLength()));
+    printf("Echo Request, len=%" PRIu32 "... sending response.\n", static_cast<uint32_t>(payload->DataLength()));
 }
 
 } // namespace

src/platform/ESP32/nimble/BLEManagerImpl.cpp

@@ -575,6 +575,10 @@ bool BLEManagerImpl::SendIndication(BLE_CONNECTION_OBJECT conId, const ChipBleUU
 
     ESP_LOGD(TAG, "Sending indication for CHIPoBLE TX characteristic (con %u, len %u)", conId, data->DataLength());
 
+    // For BLE, the buffer is capped at UINT16_MAX. Nevertheless, have a verify
+    // check before the cast to uint16_t.
+    VerifyOrExit(data->DataLength() <= UINT16_MAX, err = CHIP_ERROR_MESSAGE_TOO_LONG);
+
     om = ble_hs_mbuf_from_flat(data->Start(), static_cast<uint16_t>(data->DataLength()));
     if (om == NULL)
     {

src/platform/Zephyr/BLEManagerImpl.cpp

@@ -659,7 +659,8 @@ bool BLEManagerImpl::SendIndication(BLE_CONNECTION_OBJECT conId, const ChipBleUU
     params->attr = &sChipoBleAttributes[kCHIPoBLE_CCC_AttributeIndex];
     params->func = HandleTXIndicated;
     params->data = pBuf->Start();
-    params->len  = static_cast<uint16_t>(pBuf->DataLength());
+    VerifyOrExit(pBuf->DataLength() <= UINT16_MAX, err = CHIP_ERROR_MESSAGE_TOO_LONG);
+    params->len = static_cast<uint16_t>(pBuf->DataLength());
 
     status = bt_gatt_indicate(conId, params);
     VerifyOrExit(status == 0, err = MapErrorZephyr(status));
@@ -837,6 +838,8 @@ ssize_t BLEManagerImpl::HandleC3Read(struct bt_conn * conId, const struct bt_gat
         return 0;
     }
 
+    // For BLE, the max payload size is limited to UINT16_MAX since the length
+    // field is 2 bytes long. So, the cast to uint16_t should be fine.
     return bt_gatt_attr_read(conId, attr, buf, len, offset, sInstance.c3CharDataBufferHandle->Start(),
                              static_cast<uint16_t>(sInstance.c3CharDataBufferHandle->DataLength()));
 }

src/platform/bouffalolab/common/BLEManagerImpl.cpp

@@ -669,7 +669,10 @@ bool BLEManagerImpl::SendIndication(BLE_CONNECTION_OBJECT conId, const ChipBleUU
     params->attr = &sChipoBleAttributes[kCHIPoBLE_CCC_AttributeIndex];
     params->func = HandleTXIndicated;
     params->data = pBuf->Start();
-    params->len  = static_cast<uint16_t>(pBuf->DataLength());
+    // For BLE, the buffer is capped at UINT16_MAX. Nevertheless, have a verify
+    // check before the cast to uint16_t.
+    VerifyOrExit(pBuf->DataLength() <= UINT16_MAX, err = CHIP_ERROR_MESSAGE_TOO_LONG);
+    params->len = static_cast<uint16_t>(pBuf->DataLength());
 
     status = bt_gatt_indicate(conId, params);
     VerifyOrExit(status == 0, err = MapErrorZephyr(status));

src/platform/mbed/BLEManagerImpl.cpp

@@ -984,6 +984,9 @@ bool BLEManagerImpl::SendIndication(BLE_CONNECTION_OBJECT conId, const ChipBleUU
     ble::GattServer & gatt_server = ble::BLE::Instance().gattServer();
     ble::attribute_handle_t att_handle;
 
+    // For BLE, the buffer is capped at UINT16_MAX.
+    VerifyOrExit(pBuf->DataLength() <= UINT16_MAX, err = CHIP_ERROR_MESSAGE_TOO_LONG);
+
     // No need to do anything fancy here. Only 3 handles are used in this impl.
     if (UUIDsMatch(charId, &ChipUUID_CHIPoBLEChar_TX))
     {

src/protocols/secure_channel/CASESession.cpp

@@ -1579,8 +1579,8 @@ CHIP_ERROR CASESession::HandleSigma3a(System::PacketBufferHandle && msg)
     TLV::TLVReader decryptedDataTlvReader;
     TLV::TLVType containerType = TLV::kTLVType_Structure;
 
-    const uint8_t * buf   = msg->Start();
-    const uint32_t bufLen = static_cast<uint32_t>(msg->DataLength());
+    const uint8_t * buf = msg->Start();
+    const size_t bufLen = msg->DataLength();
 
     constexpr size_t kCaseOverheadForFutureTbeData = 128;
 

src/system/SystemPacketBuffer.cpp

@@ -117,8 +117,8 @@ void PacketBuffer::InternalCheck(const PacketBuffer * buffer)
         VerifyOrDieWithMsg(::chip::Platform::MemoryDebugCheckPointer(buffer, buffer->alloc_size + kStructureSize), chipSystemLayer,
                            "invalid packet buffer pointer");
         VerifyOrDieWithMsg(buffer->alloc_size >= buffer->ReservedSize() + buffer->len, chipSystemLayer,
-                           "packet buffer overflow %u < %u+%u", static_cast<uint32_t>(buffer->alloc_size), buffer->ReservedSize(),
-                           static_cast<uint32_t>(buffer->len));
+                           "packet buffer overflow %" PRIu32 " < %" PRIu16 " +%" PRIu32, static_cast<uint32_t>(buffer->alloc_size),
+                           buffer->ReservedSize(), static_cast<uint32_t>(buffer->len));
     }
 }
 #endif // CHIP_SYSTEM_PACKETBUFFER_HAS_CHECK
@@ -137,7 +137,7 @@ void PacketBufferHandle::InternalRightSize()
     // Reallocate only if enough space will be saved.
     const uint8_t * const start   = mBuffer->ReserveStart();
     const uint8_t * const payload = mBuffer->Start();
-    const size_t usedSize         = static_cast<size_t>(static_cast<uint32_t>(payload - start) + mBuffer->len);
+    const size_t usedSize         = static_cast<size_t>(payload - start + static_cast<ptrdiff_t>(mBuffer->len));
     if (usedSize + kRightSizingThreshold > mBuffer->alloc_size)
     {
         return;
@@ -204,16 +204,20 @@ void PacketBuffer::SetStart(uint8_t * aNewStart)
         aNewStart = kEnd;
 
     ptrdiff_t lDelta = aNewStart - static_cast<uint8_t *>(this->payload);
-    if (lDelta > static_cast<int32_t>(this->len))
-        lDelta = static_cast<int32_t>(this->len);
+    if (lDelta > 0 && this->len < static_cast<size_t>(lDelta))
+        lDelta = static_cast<ptrdiff_t>(this->len);
 
 #if CHIP_SYSTEM_CONFIG_USE_LWIP
-    this->len     = static_cast<uint16_t>(static_cast<int32_t>(this->len) - lDelta);
-    this->tot_len = static_cast<uint16_t>(static_cast<int32_t>(this->tot_len) - lDelta);
+    VerifyOrDieWithMsg((static_cast<ptrdiff_t>(this->len) - lDelta) <= UINT16_MAX, chipSystemLayer,
+                       "LwIP buffer length cannot exceed UINT16_MAX");
+    this->len = static_cast<uint16_t>(static_cast<ptrdiff_t>(this->len) - lDelta);
+    VerifyOrDieWithMsg((static_cast<ptrdiff_t>(this->tot_len) - lDelta) <= UINT16_MAX, chipSystemLayer,
+                       "LwIP buffer length cannot exceed UINT16_MAX");
+    this->tot_len = static_cast<uint16_t>(static_cast<ptrdiff_t>(this->tot_len) - lDelta);
 #else
-    this->len     = static_cast<size_t>(static_cast<int32_t>(this->len) - lDelta);
-    this->tot_len = static_cast<size_t>(static_cast<int32_t>(this->tot_len) - lDelta);
-#endif
+    this->len     = static_cast<size_t>(static_cast<ptrdiff_t>(this->len) - lDelta);
+    this->tot_len = static_cast<size_t>(static_cast<ptrdiff_t>(this->tot_len) - lDelta);
+#endif // CHIP_SYSTEM_CONFIG_USE_LWIP
     this->payload = aNewStart;
 }
 
@@ -224,17 +228,18 @@ void PacketBuffer::SetDataLength(size_t aNewLen, PacketBuffer * aChainHead)
     if (aNewLen > kMaxDataLen)
         aNewLen = kMaxDataLen;
 
-    int32_t lDelta = static_cast<int32_t>(aNewLen) - static_cast<int32_t>(this->len);
+    ssize_t lDelta = static_cast<ssize_t>(aNewLen) - static_cast<ssize_t>(this->len);
 
 #if CHIP_SYSTEM_CONFIG_USE_LWIP
-    VerifyOrDieWithMsg(aNewLen < UINT16_MAX, chipSystemLayer, "LwIP buffer length cannot exceed UINT16_MAX");
-    this->len     = static_cast<uint16_t>(aNewLen);
-    this->tot_len = static_cast<uint16_t>(static_cast<int32_t>(this->tot_len) + lDelta);
+    VerifyOrDieWithMsg(aNewLen <= UINT16_MAX, chipSystemLayer, "LwIP buffer length cannot exceed UINT16_MAX");
+    this->len = static_cast<uint16_t>(aNewLen);
+    VerifyOrDieWithMsg((static_cast<ssize_t>(this->tot_len) + lDelta) <= UINT16_MAX, chipSystemLayer,
+                       "LwIP buffer length cannot exceed UINT16_MAX");
+    this->tot_len = static_cast<uint16_t>(static_cast<ssize_t>(this->tot_len) + lDelta);
 #else
     this->len     = aNewLen;
-    this->tot_len = static_cast<size_t>(static_cast<int32_t>(this->tot_len) + lDelta);
-#endif
-
+    this->tot_len = static_cast<size_t>(static_cast<ssize_t>(this->tot_len) + lDelta);
+#endif // CHIP_SYSTEM_CONFIG_USE_LWIP
     // SetDataLength is often called after a client finished writing to the buffer,
     // so it's a good time to check for possible corruption.
     Check(this);
@@ -243,9 +248,11 @@ void PacketBuffer::SetDataLength(size_t aNewLen, PacketBuffer * aChainHead)
     {
         Check(aChainHead);
 #if CHIP_SYSTEM_CONFIG_USE_LWIP
-        aChainHead->tot_len = static_cast<uint16_t>(static_cast<int32_t>(aChainHead->tot_len) + lDelta);
+        VerifyOrDieWithMsg((static_cast<ssize_t>(aChainHead->tot_len) + lDelta) <= UINT16_MAX, chipSystemLayer,
+                           "LwIP buffer length cannot exceed UINT16_MAX");
+        aChainHead->tot_len = static_cast<uint16_t>(static_cast<ssize_t>(aChainHead->tot_len) + lDelta);
 #else
-        aChainHead->tot_len = static_cast<size_t>(static_cast<int32_t>(aChainHead->tot_len) + lDelta);
+        aChainHead->tot_len = static_cast<size_t>(static_cast<ssize_t>(aChainHead->tot_len) + lDelta);
 #endif
         aChainHead = aChainHead->ChainedBuffer();
     }
@@ -348,6 +355,7 @@ void PacketBuffer::CompactHead()
         lNextPacket.payload = static_cast<uint8_t *>(lNextPacket.payload) + lMoveLength;
         lAvailLength        = lAvailLength - lMoveLength;
 #if CHIP_SYSTEM_CONFIG_USE_LWIP
+        VerifyOrDieWithMsg((this->len + lMoveLength) <= UINT16_MAX, chipSystemLayer, "LwIP buffer length cannot exceed UINT16_MAX");
         this->len           = static_cast<uint16_t>(this->len + lMoveLength);
         lNextPacket.len     = static_cast<uint16_t>(lNextPacket.len - lMoveLength);
         lNextPacket.tot_len = static_cast<uint16_t>(lNextPacket.tot_len - lMoveLength);

src/system/TLVPacketBufferBackingStore.cpp

@@ -31,7 +31,8 @@ namespace System {
 CHIP_ERROR TLVPacketBufferBackingStore::OnInit(chip::TLV::TLVReader & reader, const uint8_t *& bufStart, uint32_t & bufLen)
 {
     bufStart = mHeadBuffer->Start();
-    bufLen   = static_cast<uint32_t>(mHeadBuffer->DataLength());
+    VerifyOrReturnError(CanCastTo<uint32_t>(mHeadBuffer->DataLength()), CHIP_ERROR_INVALID_ARGUMENT);
+    bufLen = static_cast<uint32_t>(mHeadBuffer->DataLength());
     return CHIP_NO_ERROR;
 }
 
@@ -54,7 +55,8 @@ CHIP_ERROR TLVPacketBufferBackingStore::GetNextBuffer(chip::TLV::TLVReader & rea
     else
     {
         bufStart = mCurrentBuffer->Start();
-        bufLen   = static_cast<uint32_t>(mCurrentBuffer->DataLength());
+        VerifyOrReturnError(CanCastTo<uint32_t>(mCurrentBuffer->DataLength()), CHIP_ERROR_INVALID_ARGUMENT);
+        bufLen = static_cast<uint32_t>(mCurrentBuffer->DataLength());
     }
 
     return CHIP_NO_ERROR;
@@ -63,7 +65,8 @@ CHIP_ERROR TLVPacketBufferBackingStore::GetNextBuffer(chip::TLV::TLVReader & rea
 CHIP_ERROR TLVPacketBufferBackingStore::OnInit(chip::TLV::TLVWriter & writer, uint8_t *& bufStart, uint32_t & bufLen)
 {
     bufStart = mHeadBuffer->Start() + mHeadBuffer->DataLength();
-    bufLen   = static_cast<uint32_t>(mHeadBuffer->AvailableDataLength());
+    VerifyOrReturnError(CanCastTo<uint32_t>(mHeadBuffer->AvailableDataLength()), CHIP_ERROR_INVALID_ARGUMENT);
+    bufLen = static_cast<uint32_t>(mHeadBuffer->AvailableDataLength());
     return CHIP_NO_ERROR;
 }
 
@@ -107,7 +110,8 @@ CHIP_ERROR TLVPacketBufferBackingStore::GetNewBuffer(chip::TLV::TLVWriter & writ
     else
     {
         bufStart = mCurrentBuffer->Start();
-        bufLen   = static_cast<uint32_t>(mCurrentBuffer->MaxDataLength());
+        VerifyOrReturnError(CanCastTo<uint32_t>(mCurrentBuffer->MaxDataLength()), CHIP_ERROR_INVALID_ARGUMENT);
+        bufLen = static_cast<uint32_t>(mCurrentBuffer->MaxDataLength());
     }
 
     return CHIP_NO_ERROR;