Subject: | Re: How to crash an EPICS ioc on Intel/VxWorks |
From: | Andrew Johnson <[email protected]> |
To: | Jane Richards <[email protected]> |
Cc: | tech-talk <[email protected]> |
Date: | Fri, 12 May 2006 10:32:15 -0500 |
A channel access client (we have used dm, edm and caget) which asks for a PV that is composed of a valid record name and an (invalid) field name of greater than 19 characters crashes the CA_UDP task. A buffer overflow occurs in the dbStaticLib.c function dbFindField.
Our Motorola MV162s do not crash.
We have identified the offending code as follows (MAX_FIELD_NAME_LENGTH is defined as 20):
- Andrew

--
There is no S in exprexxo.
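
The failure described in the message (a field name of more than 19 characters overrunning a buffer sized by MAX_FIELD_NAME_LENGTH) is avoided by checking the length before copying. The following is an added example, not part of the original message and not EPICS source code; `copy_field_name`, the status codes, and splitting the PV name at the first `.` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_FIELD_NAME_LENGTH 20   /* value quoted in the message above */

/* Hypothetical status codes, used by this example only. */
enum pv_status { PV_OK = 0, PV_FIELD_TOO_LONG = -1, PV_BAD_ARG = -2 };

/*
 * Hypothetical helper, not EPICS code: copy the field part of a
 * "record.FIELD" PV name into a fixed MAX_FIELD_NAME_LENGTH buffer.
 * The length is checked before any byte is written, so a name of 20
 * or more characters is rejected instead of overrunning the buffer.
 */
int copy_field_name(const char *pvname, char out[MAX_FIELD_NAME_LENGTH])
{
    const char *dot, *field;
    size_t len;

    if (pvname == NULL || out == NULL)
        return PV_BAD_ARG;

    dot = strchr(pvname, '.');
    field = dot ? dot + 1 : "";   /* no '.' means no field name was given */
    len = strlen(field);

    if (len >= MAX_FIELD_NAME_LENGTH) {   /* 19 chars max, plus the NUL */
        out[0] = '\0';                    /* leave a valid empty string */
        return PV_FIELD_TOO_LONG;
    }
    memcpy(out, field, len + 1);          /* copies the terminating NUL too */
    return PV_OK;
}
```

The boundary sits exactly where the report places it: a 19-character field name fits, a 20-character one is refused because the terminating NUL would land one byte past the buffer.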