Andy Foster wrote:
>
> Recently, while trying some examples with et_wish
> at Daresbury Lab, it was noticed that it is possible
> to cause a crash by monitoring the VAL field
> of an "mbbi" record which is using "Raw Soft Channel"
> device support.
>
> The crash occurs if RVAL is set to a value which does
> not correspond to a valid state.
>
> Looking at "tclCa.c", the relevant code appears to be at
> line 983:
>
>     case DBF_ENUM:
>         if (strlen(pch->info.e.strs[pch->pdata->e.value]) != 0) {
>             Tcl_SetVar(pch->interp, pch->pitem->tclname,
>                        pch->info.e.strs[pch->pdata->e.value],
>                        TCL_GLOBAL_ONLY);
>         } else {
>             sprintf(buf, "%d", pch->pdata->e.value);
>             Tcl_SetVar(pch->interp, pch->pitem->tclname, buf,
>                        TCL_GLOBAL_ONLY);
>         }
>         break;
>
> The crash is caused by the "pch->info.e.strs[pch->pdata->e.value]"
> because the index into the strs is out of range.
> One solution would be to replace this with:
>
>         /* valid indices are 0 .. no_str-1, so the comparison is strict */
>         if( pch->pdata->e.value < pch->info.e.no_str )
>         {
>             Tcl_SetVar(pch->interp, pch->pitem->tclname,
>                        pch->info.e.strs[pch->pdata->e.value],
>                        TCL_GLOBAL_ONLY);
>         }
>         else
>         {
>             sprintf(buf, "%d", pch->pdata->e.value);
>             Tcl_SetVar(pch->interp, pch->pitem->tclname, buf,
>                        TCL_GLOBAL_ONLY);
>         }
>         break;
>
> So that we only use a valid index into the array of state strings
> otherwise we just report the value as given.
>
There are some more missing range checks in tclCa.c, e.g. when converting
STAT and SEVR. Try to do a "pv info" on the status of the pseudo field .RTYP
of any record! At least in version R3.13.0, STAT and SEVR are not set
properly for this field.

Try my debugged version of tclCa.c at
http://www.delta.uni-dortmund.de/controls/pub/dist/tclCa
based on version 1.4.

Features:
- The 'undefined' mbbi value will be reported as -1, which I think is a
  better undefined value than 65535 (0xffff).
- Range checks are performed for STAT and SEVR.
- Precision is limited to 0-19 in "pv vdef".
- I added string array support for viewports.
- You can ask for "type" in "pv info" to get the DBF_* EPICS data type.

Try my pv.tcl toolkit too! It has some easy to use wrapper functions for
tclCa that help to deal with some problems (needs Tcl8).

I still have one problem: When reading a DBF_LONG array with "pv getw",
only the first element is valid, but "pv get" and "pv mon" are OK, as well
as other DBF_* data types. Seems to be a problem in EPICS, not in tclCa.

Dirk
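
Added example (not part of the original messages and not code from tclCa.c): a bounds-checked enum-to-string lookup for the case discussed above, which also keeps the empty-string fallback of the original code and does not trust the state count beyond the array's real size. The struct, sizes and function name are stand-ins assumed for illustration; only the field names no_str and strs come from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in sizes and layout (assumptions, not copied from EPICS headers). */
#define DEMO_MAX_STATES 16
#define DEMO_STR_SIZE   26

struct demo_enum_info {
    short no_str;                               /* number of defined states */
    char  strs[DEMO_MAX_STATES][DEMO_STR_SIZE]; /* state strings */
};

/* Write the state string for `value` into out, or the decimal value when the
 * index is out of range or the state string is empty. Returns 1 if a state
 * string was used, 0 if the numeric fallback was used. */
int demo_enum_to_text(const struct demo_enum_info *info, unsigned short value,
                      char *out, size_t outlen)
{
    /* Do not trust no_str beyond the array's real size. */
    int limit = info->no_str;
    if (limit < 0) limit = 0;
    if (limit > DEMO_MAX_STATES) limit = DEMO_MAX_STATES;

    /* Strict '<': valid indices are 0 .. limit-1. */
    if (value < limit && info->strs[value][0] != '\0') {
        /* %.*s bounds the read in case the string is not NUL-terminated. */
        snprintf(out, outlen, "%.*s", DEMO_STR_SIZE, info->strs[value]);
        return 1;
    }
    snprintf(out, outlen, "%u", (unsigned)value);
    return 0;
}

/* Constructed sample data: two states defined, one valid and two invalid values. */
int main(void)
{
    struct demo_enum_info info = { 2, { "Off", "On" } };
    unsigned short samples[] = { 1, 2, 65535 };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int named = demo_enum_to_text(&info, samples[i], buf, sizeof buf);
        printf("%u -> %s (%s)\n", (unsigned)samples[i], buf,
               named ? "state" : "raw");
    }
    return 0;
}
```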