Development discussion of TauLabs software such as flight controllers, sensors, radios and speed controllers.
vsnprintf crash, how to debug?

by Bilow » Thu Nov 03, 2016 11:27 am

Hello,

I'm trying to understand the TauLabs firmware source code and thus I use the debug console to print information.

I tried to improve this function from flight/PiOS/Common/pios_com.c in order to fix a possible buffer overflow (vsnprintf instead of vsprintf) and add warnings when the format is too big:
Code:
int32_t PIOS_COM_SendFormattedStringNonBlocking(uintptr_t com_id, const char *format, ...)
{
   uint8_t buffer[128]; // TODO: tmp!!! Provide a streamed COM method later!

   va_list args;

   va_start(args, format);
   vsprintf((char *)buffer, format, args);
   return PIOS_COM_SendBufferNonBlocking(com_id, buffer, (uint16_t)strlen((char *)buffer));
}


My code is:
Code:
#define MAX_BUF_LEN PIOS_COM_DEBUGCONSOLE_TX_BUF_LEN // 40 from pios_hal.c
int32_t PIOS_COM_SendFormattedStringNonBlocking(uintptr_t com_id, const char *format, ...)
{
   // Willingly left more buffer space - I don't know if other threads do call this function with big buffers
   uint8_t buffer[128]; // TODO: tmp!!! Provide a streamed COM method later!

   if (MAX_BUF_LEN > 128)
   {
      const uint8_t *buf = (uint8_t*)"[!] PIOS COM FAIL - BUFFER ERROR\n";
      return PIOS_COM_SendBufferNonBlocking(com_id, buf, (uint16_t)strlen((char *)buf));
   }

   va_list args;

   va_start(args, format);
   
   int ret;
   ret = vsnprintf((char *)buffer, (size_t)MAX_BUF_LEN, format, args);
   
   va_end(args);

   if (ret < 0) // vsnprintf reports an error with any negative value
   {
      const uint8_t *buf = (uint8_t*)"[!] VSNPRINTF FAILED in pios_com\n";
      return PIOS_COM_SendBufferNonBlocking(com_id, buf, (uint16_t)strlen((char *)buf));
   }
   else if (ret >= MAX_BUF_LEN) // return value is the untruncated length, so >= size means truncation
   {
      const uint8_t *buf = (uint8_t*)"[!] VSNPRINTF FAILED format too big\n";
      return PIOS_COM_SendBufferNonBlocking(com_id, buf, (uint16_t)strlen((char *)buf));
   }
   else return PIOS_COM_SendBufferNonBlocking(com_id, buffer, (uint16_t)strlen((char *)buffer));
}


The max buffer length seems to be 40 bytes, terminating null byte included. When I send more (99 bytes) with PIOS_COM_SendBufferNonBlocking, and MAX_BUF_LEN PIOS_COM_DEBUGCONSOLE_TX_BUF_LEN is set to 100, some of the messages I want to send are skipped.

Problem: Using vsnprintf makes the firmware crash. I use sparky2. Green LED is on, blue LED is on for about 6 seconds then goes off for half a second, then on again, ...

Questions:
- How can I debug this? Why does vsnprintf crash?
- What does the blue LED slow blink mean? Where is that behavior implemented?
- How could I debug segfaults / bus errors / etc?
- Why hasn't va_end been called in the original code?
- I found two debug files: dcc_studio.c and cm3_fault_handlers.c; what is their purpose? How could I use them?
- Why are some messages (DEBUG_PRINTF calls) simply skipped when their length exceeds 40? Can the buffer for the USB_VCPPort be overflowed?

Thanks a lot
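
An added example, not part of the original post and not TauLabs code: the bounded-formatting pattern the post is aiming for, showing how the return value of vsnprintf separates an error (negative) from truncation (greater than or equal to the buffer size). The names stub_send, send_formatted, TX_BUF_LEN and the FMT_* codes are hypothetical; stub_send stands in for PIOS_COM_SendBufferNonBlocking, and the value 40 is taken from the post.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TX_BUF_LEN 40  /* assumed: the 40-byte TX buffer quoted in the post */

/* Hypothetical stand-in for PIOS_COM_SendBufferNonBlocking: records the last frame. */
static uint8_t last_tx[TX_BUF_LEN];
static uint16_t last_tx_len;

static int32_t stub_send(const uint8_t *buf, uint16_t len)
{
    if (len > sizeof(last_tx))
        return -1;              /* frame would not fit in the TX buffer */
    memcpy(last_tx, buf, len);
    last_tx_len = len;
    return 0;
}

enum { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/* Formats into a stack buffer sized like the TX buffer and reports truncation. */
int32_t send_formatted(const char *format, ...)
{
    char buffer[TX_BUF_LEN];
    va_list args;

    va_start(args, format);
    /* The limit comes from the array itself, so buffer and limit cannot disagree. */
    int ret = vsnprintf(buffer, sizeof(buffer), format, args);
    va_end(args);               /* every va_start needs a matching va_end */

    if (ret < 0)
        return FMT_ERROR;       /* output or encoding error */

    /* ret is the length the complete string needs, excluding the NUL,
     * so ret >= sizeof(buffer) means the stored text was cut short. */
    int truncated = (size_t)ret >= sizeof(buffer);
    uint16_t len = truncated ? (uint16_t)(sizeof(buffer) - 1) : (uint16_t)ret;

    /* Send the known length instead of calling strlen on the buffer again. */
    if (stub_send((const uint8_t *)buffer, len) != 0)
        return FMT_ERROR;
    return truncated ? FMT_TRUNCATED : FMT_OK;
}
```

A 39-character message fits exactly; at 40 characters the return value equals the buffer size and the text is already truncated, which an equality test against -1 or against the size alone does not catch for longer inputs.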
