I am trying to read continuous data from a remote device, and I have a static variable declared to receive and send ACK. Payload of 0 and 1 holds the sequence number of the data I am getting from the remote device.
The problem I have is with the variable fragment_num. After it reaches 0x0c it is resetting back to 0.
It's a FreeRTOS application. Are there any obvious reasons for a static variable to reset to 0, or is there any problem with my code? Thanks
    #define INTIAL_FRAGMENT 0x00
    static uint8_t length;
    static uint8_t fragment_num;
    uint8_t image[128];

    download()
    {
        if (((payload[1] << 8) | (payload[0])) == INTIAL_FRAGMENT)
        {
            memset(image, 0, 128);
            memcpy(image, payload, (len));
            info_download();
            length = len;
            fragment_num = 1;
        }
        if (((payload[1] << 8) | (payload[0])) == fragment_num)
        {
            memcpy((image + length + 1), payload, (len));
            length = len;
            fragment_num++;
            info_download();
        }
    }
CodePudding user response:
The problem is likely buffer overflow.

    static uint8_t fragment_num;
    uint8_t image[128];

The compiler may have laid out fragment_num right after image in memory. If length or len is incorrect then memcpy() could write past the end of image and overwrite the value of fragment_num.

    memcpy((image + length + 1), payload, (len));

I believe you want (image + length) instead of (image + length + 1) here. Adding one skips a byte.
You should probably also verify len before memcpy() to make sure it doesn't overflow, e.g.:

    if (len > 128)
        return -1;
    memcpy(image, payload, len);

    if (length + len > 128)
        return -1;
    memcpy(image + length, payload, len);
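The length check recommended in the answer, applied to both copies in a single function, as an added example that is not part of the original question or answer. The names struct reasm, reasm_add and demo and the 10-byte fragments are assumptions made for illustration; as in the question's code, the whole payload is copied, sequence bytes included.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { FRAG_OK = 0, FRAG_BAD_SEQ = -1, FRAG_TOO_LONG = -2, FRAG_SHORT = -3 };

/* Hypothetical state; same 128-byte capacity as image[] on the page. */
struct reasm {
    uint8_t  image[128];
    size_t   length;         /* bytes stored so far */
    uint16_t next_fragment;  /* sequence number expected next */
};

/* Append one fragment; payload[0..1] is the little-endian sequence number. */
int reasm_add(struct reasm *r, const uint8_t *payload, size_t len)
{
    if (len < 2)
        return FRAG_SHORT;                   /* too short to carry a sequence number */
    uint16_t seq = (uint16_t)((payload[1] << 8) | payload[0]);
    if (seq == 0) {                          /* initial fragment restarts the image */
        memset(r, 0, sizeof *r);
    }
    if (seq != r->next_fragment)
        return FRAG_BAD_SEQ;
    if (len > sizeof r->image - r->length)   /* subtraction cannot wrap: length <= 128 */
        return FRAG_TOO_LONG;                /* rejected before memcpy runs */
    memcpy(r->image + r->length, payload, len);
    r->length += len;
    r->next_fragment++;
    return FRAG_OK;
}

/* Constructed input: 13 fragments of 10 bytes (130 bytes) for a 128-byte image. */
int demo(struct reasm *r)
{
    int rc = FRAG_OK;
    for (uint16_t seq = 0; seq < 13 && rc == FRAG_OK; seq++) {
        uint8_t payload[10] = { (uint8_t)seq, (uint8_t)(seq >> 8) };
        rc = reasm_add(r, payload, sizeof payload);
    }
    return rc;
}

int main(void)
{
    struct reasm r = {0};
    int rc = demo(&r);
    printf("rc=%d length=%zu next_fragment=%u\n", rc, r.length, (unsigned)r.next_fragment);
    return 0;
}
```

With the constructed input, the fragment that would cross the end of the buffer is refused and the stored length and expected sequence number keep their previous values.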