gasagna / A76XX

Arduino library for the A76XX family of SIMCOM cellular modules, with native MQTT(S), HTTP(S), etc, clients!
MIT License

Stack smashing protect failure! with MqttSubscribe example #4

Closed danielbernalb closed 8 months ago

danielbernalb commented 8 months ago

Hello, I am using the MqttSubscribe.ino example to test the library and implement it in my code, but when the frame arrives from the server, the error "Stack smashing protect failure!" always appears. Tested on an ESP32 and ESP8266.

The code is exactly the same as the example but with my own data (apn, server, client, etc). The received frame was between 250 and 350 bytes.

Serial debugging with DEBUG_AT true was:

Waiting for modem ... AT
ATOK
AT+CPIN?
AT+CPIN?+CPIN: READY

OK
ATE0
ATE0OK
AT+CMEE=0

OK
AT+CTZR=0

OK
AT+CTZU=1

OK
OK
Waiting for modem to register on network ... AT+CGREG?

+CGREG: 0,1

OK
done
Connecting  ... AT+CGDCONT=1,"IP","web.xxxxxxxxxx.com"

OK
AT+CGACT=1,1

OK
connected
Starting client  ... AT+CMQTTSTART

OK

+CMQTTSTART: 0
AT+CMQTTACCQ=0,"test_client1",0

OK
done
Connecting to mosquitto test server  ... AT+CMQTTCONNECT=0,"tcp://xxxxxxxxxxxxxxxxx.com:80",120,1

PB DONE

OK

+CMQTTCONNECT: 0,0
done
Subscribe to topic  ... AT+CMQTTSUB=0,19,0

>config/test_client1
OK

+CMQTTSUB: 0,0
done
........
+CMQTTRXSTART: 0,19,265
+CMQTTRXTOPIC: 0,19
config/test_client1
+CMQTTRXPAYLOAD: 0,265
{"warning": "", "caution": "", "alarm": "ON", "name": "test_client", "update": "OFF", "factory_reset": "OFF", "FRC": "OFF", "FRC_value": "", "MQTT_server": "xxxxxx.xxxx.org", "MQTT_port": "", "ABC": "OFF", "reboot": "ON", "temperature_offset": "", "altitude_compensation": ""}
+CMQTTRXEND: 0

Stack smashing protect failure!

Backtrace: 0x4008340d:0x3ffb2070 0x4008806d:0x3ffb2090 0x4008280a:0x3ffb20b0 0x400d21a1:0x3ffb20d0 0x400d1799:0x3ffb2160 0x400d1909:0x203a2274 |<-CORRUPTED

ELF file SHA256: d2d0f22e28280659

Rebooting...
ets Jun  8 2016 00:22:57

rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0030,len:1344
load:0x40078000,len:13964
load:0x40080400,len:3600
entry 0x400805f0
Waiting for modem ... AT

OK
AT+CPIN?

+CPIN: READY

I have not been able to solve the problem. Thanks for any help or guidance.

gasagna commented 8 months ago

Hi,

thanks for using my library.

It looks like your payload size is larger than MQTT_PAYLOAD_BUFFER_LEN set in A76XX.h. Have a look at the code in clients/mqtt.h in particular how MQTTMessage_t is defined.
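
The overflow described in the comment above, avoided with a bounded read. This is an added example, not code from the A76XX library: `DemoMessage`, `ByteSource`, `parsePayloadLen`, `readPayload` and `DEMO_PAYLOAD_BUFFER_LEN` (standing in for `MQTT_PAYLOAD_BUFFER_LEN`) are hypothetical names, and the 265-byte payload is constructed to match the length in the log.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed size; stands in for the library's MQTT_PAYLOAD_BUFFER_LEN.
#define DEMO_PAYLOAD_BUFFER_LEN 64

// Hypothetical message type with a fixed-size payload buffer.
struct DemoMessage {
    char payload[DEMO_PAYLOAD_BUFFER_LEN];
    size_t length;   // bytes stored, excluding the terminator
    bool truncated;  // modem announced more than the buffer holds
};

// Hypothetical byte source standing in for the modem's serial stream.
struct ByteSource {
    const char* data; size_t pos; size_t len;
    int read() { return pos < len ? (unsigned char)data[pos++] : -1; }
};

// Parse "+CMQTTRXPAYLOAD: <client>,<len>"; return the announced length or -1.
long parsePayloadLen(const char* line) {
    int client; long len;
    if (std::sscanf(line, "+CMQTTRXPAYLOAD: %d,%ld", &client, &len) != 2) return -1;
    return len < 0 ? -1 : len;
}

// Store at most capacity-1 bytes, but consume all announced bytes so the
// next modem line is still parsed from the right position in the stream.
bool readPayload(ByteSource& src, long announced, DemoMessage& msg) {
    if (announced < 0) return false;
    const size_t cap = sizeof(msg.payload) - 1;
    msg.length = 0;
    msg.truncated = (size_t)announced > cap;
    for (long i = 0; i < announced; ++i) {
        int c = src.read();
        if (c < 0) return false;  // stream ended early
        if (msg.length < cap) msg.payload[msg.length++] = (char)c;
    }
    msg.payload[msg.length] = '\0';
    return true;
}

int main() {
    char body[265];  // constructed payload, same length as in the log
    for (char& b : body) b = 'x';
    ByteSource src{body, 0, sizeof(body)};
    DemoMessage msg;
    bool ok = readPayload(src, parsePayloadLen("+CMQTTRXPAYLOAD: 0,265"), msg);
    std::printf("ok=%d stored=%zu truncated=%d\n", ok, msg.length, msg.truncated);
}
```

The length announced by the modem is treated as untrusted input: the copy is capped by the destination size, and the `truncated` flag lets the caller reject or log oversized messages.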

danielbernalb commented 8 months ago

Hi, thanks for your help. I added the two definitions to the example but it still doesn't work:

A76XX modem(SerialAT);
A76XXMQTTClient mqtt_client(modem, clientID, use_ssl);

#define MQTT_PAYLOAD_BUFFER_LEN 400
#define MQTT_TOPIC_BUFFER_LEN 40

void setup() {
    // begin serial port
    Serial.begin(115200);

The payload is 265 and I define 400.

Debug serial messages:

+CMQTTSUB: 0,0
done
........
+CMQTTRXSTART: 0,30,265
+CMQTTRXTOPIC: 0,30
config/AirTestMQTT
+CMQTTRXPAYLOAD: 0,265
{"warning": "", "caution": "", "alarm": "ON", "name": "", "update": "OFF", "factory_reset": "OFF", "FRC": "OFF", "FRC_value": "", "MQTT_server": "xxxxxx.xxxxx.org", "MQTT_port": "", "ABC": "OFF", "reboot": "ON", "temperature_offset": "", "altitude_compensation": ""}
+CMQTTRXEND: 0

Stack smashing protect failure!

Backtrace: 0x4008340d:0x3ffb2070 0x4008806d:0x3ffb2090 0x4008280a:0x3ffb20b0 0x400d21a1:0x3ffb20d0 0x400d1799:0x3ffb2160 0x400d1909:0x203a2274 |<-CORRUPTED

ELF file SHA256: 84b845093e097ae2

Rebooting...
ets Jun  8 2016 00:22:57

When you select the Generic ESP8266 board in Arduino, there is a Stack Protection option; when it is disabled, there is no reboot, but the payload and topic are displayed incomplete and with errors:

+CMQTTSUB: 0,0
done
.......
+CMQTTRXSTART: 0,30,265
+CMQTTRXTOPIC: 0,30
config/AireCiuda.Received message ...
  topic: config/AirTes.Œþ?.
  payload: H.............

Thanks for your help

gasagna commented 8 months ago

Just to better debug this, assuming it's a bug in the library, could you try sending a shorter payload and see what happens? I would also suggest you check the AT command manual of your simcom module and see if you are not misusing the MQTT interface provided by the simcom module.

gasagna commented 8 months ago

Also should you not put the #define statements before anything else? You could edit the actual library code in the file A76XX.h and see what happens.

danielbernalb commented 8 months ago
  1. The A76XX Series_AT Command Manual establishes the limits of the topic and payload:

    The length of message topic received from MQTT server. The range is from 1 to 1024 bytes. The length of message body received from MQTT server. The range is from 1 to 10240 bytes.

    The limits are complied with.
  2. I put the #define statements at the beginning; it does not work. I edited the A76XX.h file with these limits and the reset caused by Stack smashing protect failure! disappears:


#ifndef MQTT_PAYLOAD_BUFFER_LEN
    /* Controls the maximum payload size in bytes of an MQTT message */
    #define MQTT_PAYLOAD_BUFFER_LEN 512
#endif

#ifndef MQTT_TOPIC_BUFFER_LEN
    /* Controls the maximum topic size of an MQTT message */
    #define MQTT_TOPIC_BUFFER_LEN 64
#endif
  3. The actual problem is that the library fails with the topic and payload received by the ESP8266. Serial debug messages with DEBUG_AT true (the topic printed is incomplete, only 16 bytes are shown; the +CMQTTRXPAYLOAD: and payload are not shown; the printed topic and payload have errors or garbage):
....
+CMQTTRXSTART: 0,30,265
+CMQTTRXTOPIC: 0,30
config/AireCiuda.control1
Received message ...
  topic: config/AireCiuda⸮⸮⸮⸮m@0
  payload: ⸮⸮⸮⸮⸮e@⸮⸮⸮?⸮y
....

With the ESP32 it works well:

.....
+CMQTTRXSTART: 0,30,265
+CMQTTRXTOPIC: 0,30
config/Airexxxxxxxx_TestMQTT1
+CMQTTRXPAYLOAD: 0,265
{"warning": "", "caution": "", "alarm": "ON", "name": "", "update": "OFF", "factory_reset": "OFF", "FRC": "OFF", "FRC_value": "", "MQTT_server": "mqtt.xxxxxxx.org", "MQTT_port": "", "ABC": "OFF", "reboot": "ON", "temperature_offset": "", "altitude_compensation": ""}
+CMQTTRXEND: 0
.control1
Received message ...
  topic: config/Airexxxxxxxx_TestMQTT1
  payload: {"warning": "", "caution": "", "alarm": "ON", "name": "", "update": "OFF", "factory_reset": "OFF", "FRC": "OFF", "FRC_value": "", "MQTT_server": "mqtt.xxxxx.org", "MQTT_port": "", "ABC": "OFF", "reboot": "ON", "temperature_offset": "", "altitude_compensation": ""}
......

Thanks for your help

danielbernalb commented 8 months ago

With the debug level in Arduino set to maximum, a new message appears:


..................
+CMQTTRXSTART: 0,30,265
+CMQTTRXTOPIC: 0,30
readBytes should be overridden for better efficiency
config/AireCiuda.control1
Received message ...
  topic: config/AireCiuda⸮⸮⸮⸮⸮@0
  payload: ⸮⸮⸮⸮⸮g@⸮⸮⸮?⸮B⸮

.....................

"readBytes should be overridden for better efficiency": I can't find the relation with the error.

gasagna commented 8 months ago

So, your point 2 in the message above suggests that modifying the library file, the error disappears?

danielbernalb commented 8 months ago

Yes, modifying the A76XX.h file, the reset caused by Stack smashing protect failure! disappears. With ESP32 everything works fine. But with ESP8266 the topic and payload shown have errors or garbage and the instruction +CMQTTRXPAYLOAD: does not appear.

gasagna commented 8 months ago

I would suggest you change the source code of the library (see the function process in mqtt.cpp) to replace the readBytes with a for loop and a simple read and see what happens. Also garbled serial output suggests some issues with the baud rate.

danielbernalb commented 8 months ago

I did the replacement of readBytes with read but nothing changed. I made a lot of changes and nothing. I decided to decrease the communication baud rate with the A7670 over SoftwareSerial from 115200 to 9600 - 19200 bps and the library works fine. I think the ESP32 uses serial hardware that works very well at 115200, while the ESP8266 uses serial software that could have problems at high speeds like 115200. That is the reason for it working well on ESP32 and poorly on ESP8266. Also, the ESP8266 has to "Remap a large string" that arrived due to a long payload, and probably the CPU time is large and the payload reception fails. In the end, the only change in the library was in the A76XX.h file:

#ifndef MQTT_PAYLOAD_BUFFER_LEN
    /* Controls the maximum payload size in bytes of an MQTT message */
    #define MQTT_PAYLOAD_BUFFER_LEN 512
#endif

#ifndef MQTT_TOPIC_BUFFER_LEN
    /* Controls the maximum topic size of an MQTT message */
    #define MQTT_TOPIC_BUFFER_LEN 64
#endif

Thanks for your help

gasagna commented 8 months ago

Hi @danielbernalb, good to know that you fixed the issue. I can close it now.

Incidentally, what simcom module do you have? I want to add this information to the README. Have you tested secure MQTT? Have you used any of the HTTP[S] functionality?

Thanks

danielbernalb commented 8 months ago

I have the A7670G. No, I only tried the non-secure MQTT. I continue to test the code because sometimes I have problems and it restarts. The problem is definitely the ESP8266 Serial software that is failing a lot at 115200, and the A7670 comes by default at 115200.