WindhoverLabs / airliner


CF app didn't check the maximum data length from the incoming PDU packet #317

Open ynielson opened 1 year ago

ynielson commented 1 year ago

When the CF app received an incoming PDU packet, it checked only the minimum data length from the packet. The function, "pdu__is_this_pdu_acceptable", returned YES(TRUE), even though the packet had a data length greater than the maximum data length.

ynielson commented 1 year ago

The app used "CF_AppData.RawPduInputBuf" for the incoming PDUs, of which the length is defined as "MAX_DATA_LENGTH + 4". The "MAX_DATA_LENGTH" is defined as "CF_OUTGOING_PDU_BUF_SIZE" which is 2048.

The Command, "SendCfgParams(CF_SEND_CFG_PARAMS_CC)", sent information about the incoming/outgoing PDU buf size. And it showed that the "IncomingPduBufSize" is CF_INCOMING_PDU_BUF_SIZE(512) and the "OutgoingPduBufSize" is CF_OUTGOING_PDU_BUF_SIZE(2048).

The app used this MAX_DATA_LENGTH(CF_OUTGOING_PDU_BUF_SIZE: 2048) for the incoming PDU buffer, and used the CFE_SB_MAX_SB_MSG_SIZE(32768) for the outgoing PDU buffer.

The outgoing PDU file is broken down into the outgoing file chunk size, which is defined in the config table (OutgoingFileChunkSize: 200).

And the above, CF_INCOMING_PDU_BUF_SIZE(512), is not used for any incoming/outgoing PDU buffer. This may cause confusion (leading to memory corruption!!)
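
The bounds check the issue describes as missing, written out as an added example (not code from airliner or the CF app): a validator that checks the received size and the declared data length before any copy. The function and enum names and `MIN_DATA_LENGTH` are hypothetical, and it assumes the whole PDU is placed in a buffer of `MAX_DATA_LENGTH + 4` bytes; the header offsets follow the CFDP fixed PDU header.

```c
#include <stddef.h>
#include <stdint.h>

/* Sizes quoted in the issue. */
#define MAX_DATA_LENGTH  2048                  /* = CF_OUTGOING_PDU_BUF_SIZE */
#define RAW_PDU_BUF_SIZE (MAX_DATA_LENGTH + 4) /* CF_AppData.RawPduInputBuf */
/* Assumption for this sketch: smallest data field accepted. */
#define MIN_DATA_LENGTH  1

typedef enum {
    PDU_OK, PDU_TRUNCATED, PDU_TOO_SHORT, PDU_TOO_LONG, PDU_LEN_MISMATCH
} pdu_check_t;

/* Hypothetical validator: run before anything is copied into the raw buffer. */
pdu_check_t check_incoming_pdu(const uint8_t *pkt, size_t pkt_len)
{
    size_t data_len, eid_len, seq_len, hdr_len;

    if (pkt == NULL || pkt_len < 4)
        return PDU_TRUNCATED;       /* fixed part of the header is incomplete */
    if (pkt_len > RAW_PDU_BUF_SIZE)
        return PDU_TOO_LONG;        /* would not fit the receive buffer */

    /* CFDP fixed header: octets 1-2 hold the data field length (big-endian);
       octet 3 holds (entity-ID length - 1) and (sequence-number length - 1). */
    data_len = ((size_t)pkt[1] << 8) | pkt[2];
    eid_len  = ((pkt[3] >> 4) & 0x07u) + 1u;
    seq_len  = (pkt[3] & 0x07u) + 1u;
    hdr_len  = 4u + 2u * eid_len + seq_len;

    if (data_len < MIN_DATA_LENGTH)
        return PDU_TOO_SHORT;       /* lower bound */
    if (data_len > MAX_DATA_LENGTH)
        return PDU_TOO_LONG;        /* upper bound reported missing in the issue */
    if (hdr_len + data_len > pkt_len)
        return PDU_LEN_MISMATCH;    /* header claims more bytes than arrived */
    return PDU_OK;
}
```

Checking the declared length against the size of the buffer that actually receives the PDU, rather than against a separately named constant, keeps the check and the allocation from drifting apart.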