Experimental Physics and Industrial Control System
|
Hi Jane,
Jane Richards wrote:
A channel access client (we have used dm, edm and caget) which asks for
a PV that is composed of a valid record name and an (invalid) field
name of greater than 19 characters crashes the CA_UDP task. A buffer
overflow occurs in the dbStaticLib.c function dbFindField.
Our Motorola MV162s do not crash.
We have identified the offending code as follows (MAX_FIELD_NAME_LENGTH
is defined as 20):
Bug acknowledged and confirmed, although I can't reproduce the crash
here because I don't have a vxWorks-pentium system and this doesn't kill
a linux-x86 IOC.
This is Mantis bug #256.
I'd like to get rid of MAX_FIELD_NAME_LENGTH completely from
dbStaticLib.c, but for now the fix that I'm committing is to increase
the size allocated for the fieldName[] array by 1.
Thanks,
- Andrew
--
There is no S in exprexxo.
- References:
- How to crash an EPICS ioc on Intel/VxWorks Jane Richards
- Navigate by Date:
- Prev:
How to crash an EPICS ioc on Intel/VxWorks Jane Richards
- Next:
Naming Conventions and Control Logix John Dobbins
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
How to crash an EPICS ioc on Intel/VxWorks Jane Richards
- Next:
Naming Conventions and Control Logix John Dobbins
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|
ANJ, 02 Sep 2010 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|