Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: How to crash an EPICS ioc on Intel/VxWorks
From: Andrew Johnson <anj@aps.anl.gov>
To: Jane Richards <richards@triumf.ca>
Cc: tech-talk <tech-talk@aps.anl.gov>
Date: Fri, 12 May 2006 10:32:15 -0500

Hi Jane,

Jane Richards wrote:

> A channel access client (we have used dm, edm and caget) which asks for a PV that is composed of a valid record name and an (invalid) field name of greater than 19 characters crashes the CA_UDP task. A buffer overflow occurs in the dbStaticLib.c function dbFindField.
>
> Our Motorola MV162s do not crash.
>
> We have identified the offending code as follows (MAX_FIELD_NAME_LENGTH is defined as 20):

Bug acknowledged and confirmed, although I can't reproduce the crash here because I don't have a vxWorks-pentium system and this doesn't kill a linux-x86 IOC.


This is Mantis bug #256.

I'd like to get rid of MAX_FIELD_NAME_LENGTH completely from dbStaticLib.c, but for now the fix that I'm committing is to increase the size allocated for the fieldName[] array by 1.

Thanks,

- Andrew
--
There is no S in exprexxo.
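
Added example, not part of the original message and not EPICS code: a length-checked copy of the field part of a client-supplied PV name into a fixed buffer, showing why a 20-character name needs 21 bytes. The helper `copy_field_name`, its status codes and the record name `demo:rec` are hypothetical; only `MAX_FIELD_NAME_LENGTH` and its value come from the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD_NAME_LENGTH 20   /* value quoted in the thread */

enum fname_status { FNAME_OK = 0, FNAME_MISSING = -1, FNAME_TOO_LONG = -2 };

/* Hypothetical helper (not an EPICS function): copy the field part of
 * "record.FIELD" into out[], which holds outsz bytes including the NUL.
 * An overlong name is rejected before any of it is copied, so a name
 * chosen by a remote client can never run past the end of the buffer. */
static enum fname_status copy_field_name(const char *pvname, char *out, size_t outsz)
{
    const char *dot, *field;
    size_t len;

    if (!pvname || !out || outsz == 0)
        return FNAME_MISSING;
    out[0] = '\0';
    dot = strchr(pvname, '.');
    if (!dot || dot[1] == '\0')
        return FNAME_MISSING;              /* no field part at all */
    field = dot + 1;
    /* Bounded scan: stop as soon as len characters plus the NUL cannot fit. */
    for (len = 0; field[len] != '\0'; len++)
        if (len + 1 >= outsz)
            return FNAME_TOO_LONG;
    memcpy(out, field, len);
    out[len] = '\0';
    return FNAME_OK;
}

int main(void)
{
    /* Constructed inputs: field names of 19 and 20 characters. */
    const char *pv19 = "demo:rec.ABCDEFGHIJKLMNOPQRS";
    const char *pv20 = "demo:rec.ABCDEFGHIJKLMNOPQRST";
    char small[MAX_FIELD_NAME_LENGTH];       /* 19 characters + NUL */
    char big[MAX_FIELD_NAME_LENGTH + 1];     /* 20 characters + NUL */

    printf("19 chars into 20 bytes: %d\n", copy_field_name(pv19, small, sizeof small));
    printf("20 chars into 20 bytes: %d\n", copy_field_name(pv20, small, sizeof small));
    printf("20 chars into 21 bytes: %d\n", copy_field_name(pv20, big, sizeof big));
    return 0;
}
```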
