From 18d07471b20e20938a6263bfe598ea8cd892d183 Mon Sep 17 00:00:00 2001
From: Olivier <tekka007@users.noreply.github.com>
Date: Sat, 7 Feb 2026 14:14:17 +0100
Subject: [PATCH] Fix Pointer arithmetic error in hwUniqueID() (#1589)

---
 hal/architecture/ESP32/MyHwESP32.cpp     | 5 +++--
 hal/architecture/ESP8266/MyHwESP8266.cpp | 6 +++---
 hal/architecture/SAMD/MyHwSAMD.cpp       | 5 +++--
 hal/architecture/STM32/MyHwSTM32.cpp     | 7 +++----
 hal/architecture/Teensy3/MyHwTeensy3.cpp | 8 +++++---
 5 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/hal/architecture/ESP32/MyHwESP32.cpp b/hal/architecture/ESP32/MyHwESP32.cpp
index 7e19e31a..2cd15e6a 100644
--- a/hal/architecture/ESP32/MyHwESP32.cpp
+++ b/hal/architecture/ESP32/MyHwESP32.cpp
@@ -70,9 +70,10 @@ void hwWriteConfig(const int addr, uint8_t value)
 
 bool hwUniqueID(unique_id_t *uniqueID)
 {
+	// padding
+	(void)memset(reinterpret_cast<uint8_t *>(uniqueID), MY_HWID_PADDING_BYTE, sizeof(unique_id_t));
 	uint64_t val = ESP.getEfuseMac();
-	(void)memcpy(static_cast<void *>(uniqueID), (void *)&val, 8);
-	(void)memset(static_cast<void *>(uniqueID + 8), MY_HWID_PADDING_BYTE, 8); // padding
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), (void *)&val, 8);
 	return true;
 }
 
diff --git a/hal/architecture/ESP8266/MyHwESP8266.cpp b/hal/architecture/ESP8266/MyHwESP8266.cpp
index 9dc2e636..a1d05aa6 100644
--- a/hal/architecture/ESP8266/MyHwESP8266.cpp
+++ b/hal/architecture/ESP8266/MyHwESP8266.cpp
@@ -67,11 +67,11 @@ void hwWriteConfig(const int addr, uint8_t value)
 bool hwUniqueID(unique_id_t *uniqueID)
 {
 	// padding
-	(void)memset((uint8_t *)uniqueID, MY_HWID_PADDING_BYTE, sizeof(unique_id_t));
+	(void)memset(reinterpret_cast<uint8_t *>(uniqueID), MY_HWID_PADDING_BYTE, sizeof(unique_id_t));
 	uint32_t val = ESP.getChipId();
-	(void)memcpy((uint8_t *)uniqueID, &val, 4);
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), &val, 4);
 	val = ESP.getFlashChipId();
-	(void)memcpy((uint8_t *)uniqueID + 4, &val, 4);
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID) + 4, &val, 4);
 	return true;
 }
 
diff --git a/hal/architecture/SAMD/MyHwSAMD.cpp b/hal/architecture/SAMD/MyHwSAMD.cpp
index 61a95126..544f2795 100644
--- a/hal/architecture/SAMD/MyHwSAMD.cpp
+++ b/hal/architecture/SAMD/MyHwSAMD.cpp
@@ -130,8 +130,9 @@ int8_t hwSleep(const uint8_t interrupt1, const uint8_t mode1, const uint8_t inte
 
 bool hwUniqueID(unique_id_t *uniqueID)
 {
-	(void)memcpy((uint8_t *)uniqueID, (uint32_t *)0x0080A00C, 4);
-	(void)memcpy((uint8_t *)uniqueID + 4, (uint32_t *)0x0080A040, 12);
+	// No padding required, as unique ID is already 16 bytes
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), (uint32_t *)0x0080A00C, 4);
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID) + 4, (uint32_t *)0x0080A040, 12);
 	return true;
 }
 
diff --git a/hal/architecture/STM32/MyHwSTM32.cpp b/hal/architecture/STM32/MyHwSTM32.cpp
index 582a3c52..9f56edb3 100644
--- a/hal/architecture/STM32/MyHwSTM32.cpp
+++ b/hal/architecture/STM32/MyHwSTM32.cpp
@@ -173,10 +173,9 @@ void hwRandomNumberInit(void)
 bool hwUniqueID(unique_id_t *uniqueID)
 {
 #ifdef UID_BASE
-	// STM32 unique device ID is stored at a fixed address
-	// Length is 96 bits (12 bytes) but we store 16 bytes for compatibility
-	(void)memcpy((uint8_t *)uniqueID, (uint32_t *)UID_BASE, 12);
-	(void)memset(static_cast<void *>(uniqueID + 12), MY_HWID_PADDING_BYTE, 4); // padding
+	// padding
+	(void)memset(reinterpret_cast<uint8_t *>(uniqueID), MY_HWID_PADDING_BYTE, sizeof(unique_id_t));
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), (uint32_t *)UID_BASE, 12);
 	return true;
 #else
 	// Unique ID not available on this variant
diff --git a/hal/architecture/Teensy3/MyHwTeensy3.cpp b/hal/architecture/Teensy3/MyHwTeensy3.cpp
index b2da0e49..25878f93 100644
--- a/hal/architecture/Teensy3/MyHwTeensy3.cpp
+++ b/hal/architecture/Teensy3/MyHwTeensy3.cpp
@@ -94,10 +94,12 @@ int8_t hwSleep(const uint8_t interrupt1, const uint8_t mode1, const uint8_t inte
 bool hwUniqueID(unique_id_t *uniqueID)
 {
 #if defined(__MKL26Z64__)
-	(void)memcpy((uint8_t *)uniqueID, &SIM_UIDMH, 12);
-	(void)memset((uint8_t *)uniqueID + 12, MY_HWID_PADDING_BYTE, 4);
+	// padding
+	(void)memset(reinterpret_cast<uint8_t *>(uniqueID), MY_HWID_PADDING_BYTE, sizeof(unique_id_t));
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), &SIM_UIDMH, 12);
 #else
-	(void)memcpy((uint8_t *)uniqueID, &SIM_UIDH, 16);
+	// No padding required, as unique ID is already 16 bytes
+	(void)memcpy(reinterpret_cast<uint8_t *>(uniqueID), &SIM_UIDH, 16);
 #endif
 	return true;
 }