Remaining Length Exceeds MQTT Spec in Edge Cases #900

@63n0

Bug Description

In some edge cases, MQTT control packets larger than 2^28 may be generated. As discussed in a previous issue, the maximum packet size is 2^28-1.

If a packet larger than this is generated, an MQTT-compliant broker will detect the error and close the connection.

This behavior may cause availability issues if automatic reconnection using loop_forever() or similar is not configured.

Reproduction

You can reproduce this behavior by calling Client.publish() with a topic name and payload that is the maximum allowed by the input validation.

import paho.mqtt.client as mqtt

host = 'localhost'
port = 1883
client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2)
client.connect(host, port, keepalive=60)
client.publish("A" * ((1<<16)-1), "A" * ((1<<28)-1))

Environment

  • Python version: 3.12.3
  • Library version: 2.1.0
  • Operating system: Ubuntu 24.04.3 LTS
  • MQTT server: EMQX (latest version, docker container)

Logs

Here is a hex dump of the captured PUBLISH packet:

0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00
0010 80 34 51 b9 40 00 40 06 6b 08 7f 00 00 01 7f 00
0020 00 01 af d7 07 5b 43 a8 30 4d 70 71 4d 45 80 10
0030 02 00 7e 29 00 00 01 01 08 0a 85 ff a6 3f 85 ff
0040 a5 76 30 80 80 84 80 01 ff ff 41 41 41 41 41 41
0050 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
0060 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41

As you can see, the remaining length is encoded as 80 80 84 80 01, which is too large.
$\text{topic size} + \text{topic name} + \text{payload} = 2 + (2^{16}-1) + (2^{28}-1) = 268500992$
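
The following is an added example, not part of the original issue and not paho-mqtt code. It decodes the length bytes from the hex dump above and shows a pre-send bound check on the PUBLISH remaining length, assuming an MQTT 3.1.1 PUBLISH with no properties; all function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not paho-mqtt API.
MAX_REMAINING_LENGTH = (1 << 28) - 1  # 268,435,455: largest 4-byte Variable Byte Integer


def encode_remaining_length(n):
    """Encode n as an MQTT Variable Byte Integer, refusing out-of-range values."""
    if not 0 <= n <= MAX_REMAINING_LENGTH:
        raise ValueError(f"remaining length {n} exceeds {MAX_REMAINING_LENGTH}")
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | 0x80 if n else digit)  # high bit = more bytes follow
        if not n:
            return bytes(out)


def decode_remaining_length(buf, strict=True):
    """Return (value, bytes_consumed); strict mode rejects a fifth length byte."""
    value = 0
    for i, byte in enumerate(buf):
        if strict and i >= 4:
            raise ValueError("malformed packet: remaining length uses more than 4 bytes")
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, i + 1
    raise ValueError("truncated remaining length")


def publish_remaining_length(topic_len, payload_len, qos=0):
    """Remaining length of an MQTT 3.1.1 PUBLISH: 2-byte topic length prefix,
    topic, 2-byte packet identifier when QoS > 0, then payload."""
    return 2 + topic_len + (2 if qos > 0 else 0) + payload_len


def max_payload_len(topic_len, qos=0):
    """Largest payload that still fits in one PUBLISH for this topic length."""
    return MAX_REMAINING_LENGTH - publish_remaining_length(topic_len, 0, qos)


if __name__ == "__main__":
    captured = bytes.fromhex("8080848001")  # length bytes from the hex dump in the issue
    print(decode_remaining_length(captured, strict=False))  # lenient parse of the 5 bytes
    total = publish_remaining_length((1 << 16) - 1, (1 << 28) - 1)
    print(total, total > MAX_REMAINING_LENGTH, max_payload_len((1 << 16) - 1))
    try:
        encode_remaining_length(total)
    except ValueError as exc:
        print("rejected:", exc)
```

With the maximum-length topic, the payload has to shrink by the 2-byte length prefix plus the topic length for the packet to stay within the 4-byte encoding.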
