Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: caput off-by-one bug for string as array of chars
From: "J. Lewis Muir" <jlmuir@imca-cat.org>
To: EPICS Tech Talk <tech-talk@aps.anl.gov>
Date: Thu, 16 Aug 2012 18:12:35 -0500

I believe there is an off-by-one bug in caput for the case of
writing a string as an array of chars (i.e. the '-S' option) in
EPICS Base 3.14.12.2.  (Looking at the 3.15 source code, the bug
is probably there as well, but I haven't tested it.)

The caput program will sometimes write an incorrect value--a
value different from the value passed as an argument.  I believe
this is because caput does not allocate enough memory to hold
the string value *plus* the terminating null character.

Attached is caput-string-off-by-one-fix.diff, a patch against
EPICS Base 3.14.12.2 plus Known Problems patches, to fix the
problem.

Attached is image-file-path.db and reproduce-bug.sh which can be
used to reproduce the problem.

Load image-file-path.db into a soft IOC like this:

  dbLoadRecords("image-file-path.db","P=ioc23:")

Run the reproduce-bug.sh program like this:

  $ sh reproduce-bug.sh

On my system, it usually fails within 20 iterations.  For example:

  $ sh reproduce-bug.sh
  [3] "/tmp/lys_001.img/" != "/tmp/lys_001.img"

What I don't understand, though, is that if I add the '-t'
option to the caput command in reproduce-bug.sh, the problem
does not occur.  I'd be interested to hear an explanation of why
that is.

Thanks,

Lewis
--- src/catools/caput.c.orig	2011-12-12 14:14:45.000000000 -0600
+++ src/catools/caput.c	2012-08-16 17:35:11.000000000 -0500
@@ -492,12 +492,12 @@
         if (charArrAsStr) {
             count = len;
             dbrType = DBR_CHAR;
-            ebuf = calloc(strlen(cbuf), sizeof(char));
+            ebuf = calloc(strlen(cbuf) + 1, sizeof(char));
             if(!ebuf) {
                 fprintf(stderr, "Memory allocation failed\n");
                 return 1;
             }
-            epicsStrnRawFromEscaped(ebuf, strlen(cbuf), cbuf, strlen(cbuf));
+            epicsStrnRawFromEscaped(ebuf, strlen(cbuf) + 1, cbuf, strlen(cbuf));
         } else {
             for (i = 0; i < count; ++i) {
                 epicsStrnRawFromEscaped(sbuf[i], sizeof(EpicsStr), *(argv+optind+i), sizeof(EpicsStr));
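Review bot: In the charArrAsStr branch, strlen(cbuf) is now evaluated three times across the calloc and epicsStrnRawFromEscaped lines, and the allocation size and the outsize argument only agree because "+ 1" is repeated by hand in both places. Computing the length once into a local and deriving both sizes from it would keep them from drifting apart in a later edit. Separately, "count = len;" is assigned before the unescape and the result of epicsStrnRawFromEscaped is discarded, so it is worth confirming that count still matches what ends up in ebuf when cbuf contains escape sequences, and whether count is meant to cover the terminating null that the buffer now has room for. A short comment on the calloc line saying the extra byte is for the terminator would also help.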
#
# Provides image file path PV.
#
# Parameters:
#   P  PV name prefix (e.g. "ioc23:")
#

record(waveform, "$(P)ImageFilePath") {
  field(DESC, "Latest image path")
  field(FTVL, "UCHAR")
  field(NELM, "256")
  field(PINI, "YES")
}

Attachment: reproduce-bug.sh
Description: Bourne shell script


ANJ, 18 Nov 2013