The method TransportLayerMachine::get_reply_data() causes a segfault if a packet is received with a very incorrect address. The calling context is TransportLayerMachine::sync_remote_buffer_transaction(), which doesn't seem to make it past the ::get_reply_data() line. So I believe the issue is in indexing in ::get_reply_data().
Sample printout
in sync_remote_buffer_transaction() for cdte3
can access ring buffer parameters
write pointer width: 4
sending read command: 000000000000000000000016 0102 fe 01 4d 02 00000103 fe 0000 00 060b0314 000004 2a
requested remote write pointer
got remote write pointer, reply length 29
got malformed SpaceWire Ethernet header!
0x21 12 81 6a 32 3a 0b 70 4b 33 8b 33 ab b3 22 bf 2b 33 32 ba ab 23 3a 2a 12 b7 9f 72 91
last header access: 24
vector data length field result:
0
171
35
58
converted data length field result:
11215674
Segmentation fault
This was observed when I cut power to cdte3 (hard) while trying to read it out. This is a failure mode we should protect against for flight.
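Added example, not part of the original report and not the project's code: a bounds-checked way to extract reply data, so that a length field like the 11215674 in the printout is rejected against the 29 bytes actually received instead of being used as an index. The function names and the offsets (3-byte length at 20..22, data from 24, one trailing CRC byte) are assumptions inferred from the printout; CRC values are not validated here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Offsets inferred from the printout (assumptions, not taken from the project):
// 3-byte big-endian data length at 20..22, data from 24, 1 trailing CRC byte.
constexpr std::size_t kLenOffset = 20;
constexpr std::size_t kDataOffset = 24;
constexpr std::size_t kTrailerLen = 1;

// Length the packet claims to carry. Caller ensures reply.size() > kLenOffset + 2.
std::size_t claimed_data_length(const std::vector<uint8_t>& reply) {
    return (std::size_t(reply[kLenOffset]) << 16) |
           (std::size_t(reply[kLenOffset + 1]) << 8) |
            std::size_t(reply[kLenOffset + 2]);
}

// Hypothetical hardened extractor: fills `out` only if the claimed length fits
// inside the bytes actually received; otherwise returns false and leaves it empty.
bool checked_reply_data(const std::vector<uint8_t>& reply, std::vector<uint8_t>& out) {
    out.clear();
    if (reply.size() < kDataOffset + kTrailerLen) return false;  // truncated header
    const std::size_t available = reply.size() - kDataOffset - kTrailerLen;
    const std::size_t claimed = claimed_data_length(reply);
    if (claimed > available) return false;  // length field points past the buffer
    out.assign(reply.begin() + kDataOffset, reply.begin() + kDataOffset + claimed);
    return true;
}

// The 29-byte malformed reply from the printout above.
std::vector<uint8_t> malformed_reply() {
    return {0x21,0x12,0x81,0x6a,0x32,0x3a,0x0b,0x70,0x4b,0x33,0x8b,0x33,0xab,0xb3,0x22,
            0xbf,0x2b,0x33,0x32,0xba,0xab,0x23,0x3a,0x2a,0x12,0xb7,0x9f,0x72,0x91};
}

// Constructed well-formed reply: 20 filler header bytes, length 4, CRC, 4 data bytes, CRC.
std::vector<uint8_t> wellformed_reply() {
    std::vector<uint8_t> r(20, 0x00);
    const uint8_t tail[] = {0x00, 0x00, 0x04, 0x00, 0xde, 0xad, 0xbe, 0xef, 0x00};
    r.insert(r.end(), tail, tail + sizeof tail);
    return r;
}

int main() {
    std::vector<uint8_t> data;
    const bool bad_ok = checked_reply_data(malformed_reply(), data);
    std::printf("malformed: claimed=%zu ok=%d\n", claimed_data_length(malformed_reply()), bad_ok);
    const bool good_ok = checked_reply_data(wellformed_reply(), data);
    std::printf("wellformed: ok=%d bytes=%zu\n", good_ok, data.size());
}
```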