EPICS Home

Experimental Physics and Industrial Control System


 

Subject: Re: How to crash an EPICS ioc on Intel/VxWorks
From: Andrew Johnson <[email protected]>
To: Jane Richards <[email protected]>
Cc: tech-talk <[email protected]>
Date: Fri, 12 May 2006 10:32:15 -0500
Hi Jane,

Jane Richards wrote:

> A channel access client (we have used dm, edm and caget) which asks for a PV that is composed of a valid record name and an (invalid) field name of greater than 19 characters crashes the CA_UDP task. A buffer overflow occurs in the dbStaticLib.c function dbFindField.
>
> Our Motorola MV162s do not crash.
>
> We have identified the offending code as follows (MAX_FIELD_NAME_LENGTH is defined as 20):

Bug acknowledged and confirmed, although I can't reproduce the crash here because I don't have a vxWorks-pentium system and this doesn't kill a linux-x86 IOC.


This is Mantis bug #256.

I'd like to get rid of MAX_FIELD_NAME_LENGTH completely from dbStaticLib.c, but for now the fix that I'm committing is to increase the size allocated for the fieldName[] array by 1.

Thanks,

- Andrew
--
There is no S in exprexxo.
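
The sizing issue discussed in this thread, as an added example that is not part of the original message and is not the EPICS source: a bounded field-name copy that rejects over-length names instead of writing past the buffer. `copy_field_name`, `try_length`, the `rec.` PV prefix and the split at the first `.` are hypothetical; only `MAX_FIELD_NAME_LENGTH` and its value come from the thread.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FIELD_NAME_LENGTH 20   /* value quoted in the thread */

/* Hypothetical helper, not EPICS code. Copies the field part of
 * "record.FIELD" into dst, whose capacity dstsize includes the NUL.
 * Returns the field-name length, or -1 if there is no field or it does
 * not fit. dst is always NUL-terminated and never written past dstsize. */
static int copy_field_name(const char *pv, char *dst, size_t dstsize)
{
    const char *dot;
    size_t len;

    if (dstsize == 0)
        return -1;
    dst[0] = '\0';
    dot = strchr(pv, '.');          /* assumption: field follows first '.' */
    if (dot == NULL)
        return -1;
    len = strlen(dot + 1);
    if (len >= dstsize)             /* len chars need len + 1 bytes */
        return -1;
    memcpy(dst, dot + 1, len);
    dst[len] = '\0';
    return (int)len;
}

/* Builds a constructed PV "rec.<n x 'X'>" and copies its field name
 * into a buffer of cap bytes. Returns -2 if the arguments are too big. */
static int try_length(size_t cap, size_t n)
{
    char pv[128] = "rec.";
    char buf[64];

    if (cap > sizeof buf || n + 5 > sizeof pv)
        return -2;
    memset(pv + 4, 'X', n);
    pv[4 + n] = '\0';
    return copy_field_name(pv, buf, cap);
}

int main(void)
{
    size_t n;
    for (n = 18; n <= 21; n++)      /* walk across the boundary */
        printf("len %lu: cap %d -> %d, cap %d -> %d\n", (unsigned long)n,
               MAX_FIELD_NAME_LENGTH, try_length(MAX_FIELD_NAME_LENGTH, n),
               MAX_FIELD_NAME_LENGTH + 1, try_length(MAX_FIELD_NAME_LENGTH + 1, n));
    return 0;
}
```

A buffer of `MAX_FIELD_NAME_LENGTH` bytes holds at most 19 characters plus the terminator, and growing it by 1 makes room for a 20-character name; anything longer still has to be rejected by an explicit length check.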
