Now you can map 600 bytes of objects to RXPRO and 600 bytes of objects to TXPDO by SOEM (dynamic PDO mapping).
When TXPDO_update() or RXPDO_update() functions are called they have no check of the size of 'rxpdo'/'txpdo' buffers, which cause buffer overflow in code:
ESC_read (ESC_SM2_sma, rxpdo, ESCvar.ESC_SM2_sml);
and
ESC_write (ESC_SM3_sma, txpdo, ESCvar.ESC_SM3_sml);
Solution: check the size of mapped objects in transition PREOP_TO_SAFEOP/SAFEOP_TO_SAFEOP and the slave will not go to SAFEOP state in case of wrong PDO mapping.
Thanks for input, the checks make sense. I know there are more checks that can be included.
I'll mark this issue as an enhancement for future improvements that is planed.
There is a problem with MAX_RXPDO_SIZE & MAX_TXPDO_SIZE control in SOES.
For example you defined in slave:
Now you can map 600 bytes of objects to RXPRO and 600 bytes of objects to TXPDO by SOEM (dynamic PDO mapping).
When TXPDO_update() or RXPDO_update() functions are called they have no check of the size of 'rxpdo'/'txpdo' buffers, which cause buffer overflow in code:
ESC_read (ESC_SM2_sma, rxpdo, ESCvar.ESC_SM2_sml);
andESC_write (ESC_SM3_sma, txpdo, ESCvar.ESC_SM3_sml);
Solution: check the size of mapped objects in transition PREOP_TO_SAFEOP/SAFEOP_TO_SAFEOP and the slave will not go to SAFEOP state in case of wrong PDO mapping.