EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  <20012002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  <20012002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: An et_wish crash
From: EPICS User <[email protected]>
To: [email protected]
Date: Wed, 21 Nov 2001 15:59:43 +0100
Andy Foster wrote:
> 
> Recently, while trying some examples with et_wish
> at Daresbury Lab, it was noticed that it is possible
> to cause a crash by monitoring the VAL field
> of an "mbbi" record which is using "Raw Soft Channel"
> device support.
> 
> The crash occurs if RVAL is set to a value which does
> not correspond to a valid state.
> 
> Looking at "tclCa.c", the relevant code appears to be at
> line 983:
> 
>   case DBF_ENUM:
>     if (strlen(pch->info.e.strs[pch->pdata->e.value]) != 0) {
>       Tcl_SetVar(pch->interp, pch->pitem->tclname,
>                  pch->info.e.strs[pch->pdata->e.value],
>                  TCL_GLOBAL_ONLY);
>     } else {
>       sprintf(buf, "%d", pch->pdata->e.value);
>       Tcl_SetVar(pch->interp, pch->pitem->tclname, buf,
>                  TCL_GLOBAL_ONLY);
>     }
>     break;
> 
> The crash is caused by the "pch->info.e.strs[pch->pdata->e.value]"
> because the index into the strs is out of range.
> One solution would be to replace this with:
> 
>     if( pch->pdata->e.value <= pch->info.e.no_str )
>     {
>       Tcl_SetVar(pch->interp, pch->pitem->tclname,
>                  pch->info.e.strs[pch->pdata->e.value],
>                  TCL_GLOBAL_ONLY);
>     }
>     else
>     {
>       sprintf(buf, "%d", pch->pdata->e.value);
>       Tcl_SetVar(pch->interp, pch->pitem->tclname, buf,
>                  TCL_GLOBAL_ONLY);
>     }
>     break;
> 
> So that we only use a valid index into the array of state strings
> otherwise we just report the value as given.
> 

There are some more missing range checks in tclCa.c, eg. when converting
STAT and SEVR. Try to do a "pv info" on the status of the pseudo field
.RTYP
of any record! At least in version R3.13.0, STAT and SEVR are not set
properly
for this field.

Try my debugged version of tclCa.c at 
http://www.delta.uni-dortmund.de/controls/pub/dist/tclCa
based on version 1.4

Features:
- The 'undefined' mbbi value will be reported as -1 what as I think is a
better
  undefined value than 65535 (0xffff).
- Range checks are performed for STAT and SEVR.
- Precision is limited to 0-19 in "pv vdef"
- I added string array support for viewports.
- You can ask for "type" in "pv info" to get the DBF_* EPICS data type

Try my pv.tcl toolkit too! It has some easy to use wrapper functions for
tclCa
that help to deal with some problems (needs Tcl8).

I still have one problem: When reading a DBF_LONG array, with "pv getw",
only
the first element is valid, but "pv get" and "pv mon" are OK as well as
other
DBF_* data types. Seems to be a problem in EPICS, not in tclCa.

Dirk


References:
An et_wish crash Andy Foster

Navigate by Date:
Prev: EPICS 3.13.1 (and earlier) - NTP issues Brian McAllister
Next: Re: Fwd: RE: PowerPC woes Rozelle Wright
Index: 1994  1995  1996  1997  1998  1999  2000  <20012002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: An et_wish crash Andy Foster
Next: Using a terminal server to catch boot messages bickley
Index: 1994  1995  1996  1997  1998  1999  2000  <20012002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 10 Aug 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·