On 22/06/12 17:10, Graves, Daniel (GE Healthcare) wrote:
> I found that the following code in Serial.c will cause a buffer overflow
> if there is garbage data on the wire before a thread has started reading
> from the serial port:
>
> ------------------------------------------------
> static rcv_req_reply_t
> serial_data_rcv_req(serial_channel *chan, int avail,
>                     int* space_avail, unsigned char** space)
> {
[snip]
>     // Check for space
>     gap = cbuf->nb;
>     if (gap == cbuf->len)
>         return CYG_RCV_FULL;
>
> ----------------------
>
> The line gap == cbuf->len will not always evaluate to true if garbage data
> is received. This will cause the put variable to shoot way past len.

I don't yet follow the situation you are concerned about. This generic
layer doesn't know about garbage data. Garbage data is just data, and
whether before or after a thread has started reading from the serial port,
the underlying hardware serial driver needs to call serial_data_rcv_req()
when data is received and act accordingly based on the return code.

Based on what you're saying, you are implying that cbuf->nb > cbuf->len ?
If so, then something has gone wrong... I imagine that the hardware driver
is not respecting space_avail on return from serial_data_rcv_req(). Are you
using an eCos serial driver or something you wrote yourself?

Jifl
--
eCosCentric Limited      http://www.eCosCentric.com/     The eCos experts
Barnwell House, Barnwell Drive, Cambridge, UK.       Tel: +44 1223 245571
Registered in England and Wales: Reg No 4422071.
------["Si fractum non sit, noli id reficere"]------       Opinions==mine
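
Added example, not part of the original thread and not eCos source: a simplified model of the request/commit contract discussed above, in which the driver writes at most space_avail bytes and the generic layer range-checks its counters instead of relying on an equality test. The field names nb, len and put follow the quoted snippet; ring_t, ring_rcv_req, ring_rcv_done, driver_deliver and the RCV_* codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not eCos source. nb/len/put follow the quoted snippet;
   all other names are hypothetical. */
typedef struct { unsigned char *data; int len, nb, put; } ring_t;
typedef enum { RCV_OK, RCV_FULL, RCV_CORRUPT } rcv_reply_t;

/* Generic layer: grant the driver one contiguous region to fill. */
rcv_reply_t ring_rcv_req(ring_t *rb, int avail, int *space_avail,
                         unsigned char **space)
{
    int gap, to_end;
    *space_avail = 0;
    *space = NULL;
    /* Range check: an equality test alone never fires once nb > len. */
    if (rb->nb < 0 || rb->nb > rb->len || rb->put < 0 || rb->put >= rb->len)
        return RCV_CORRUPT;
    gap = rb->len - rb->nb;            /* free bytes in total */
    if (gap == 0)
        return RCV_FULL;
    to_end = rb->len - rb->put;        /* free bytes before the wrap point */
    if (gap > to_end) gap = to_end;
    if (gap > avail)  gap = avail;
    *space = rb->data + rb->put;
    *space_avail = gap;
    return RCV_OK;
}

/* Generic layer: commit what the driver wrote; refuse more than granted. */
int ring_rcv_done(ring_t *rb, int granted, int chars_rcvd)
{
    if (chars_rcvd < 0 || chars_rcvd > granted)
        return -1;
    rb->nb += chars_rcvd;
    rb->put = (rb->put + chars_rcvd) % rb->len;
    return 0;
}

/* Driver side: deliver n bytes, never writing past space_avail.
   Returns bytes stored; the remainder is dropped when the ring is full. */
int driver_deliver(ring_t *rb, const unsigned char *in, int n)
{
    int stored = 0, granted;
    unsigned char *space;
    while (stored < n &&
           ring_rcv_req(rb, n - stored, &granted, &space) == RCV_OK) {
        memcpy(space, in + stored, (size_t)granted);
        if (ring_rcv_done(rb, granted, granted) != 0) break;
        stored += granted;
    }
    return stored;
}
```

With no reader draining the ring, a burst longer than len is truncated at len bytes and the next request reports RCV_FULL, so nb and put stay inside the buffer.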