stephane / libmodbus

A Modbus library for Linux, Mac OS, FreeBSD and Windows
http://libmodbus.org
GNU Lesser General Public License v2.1

My application crashes sometimes when using modbus (overrun of a stack-based buffer ) #700

Closed ottelo9 closed 1 year ago

ottelo9 commented 1 year ago


libmodbus version

3.1.6.2

OS and/or distribution

Windows 10 LTSC 2021 x64

Environment

Intel CPU, 64Bit

Description

<...>

Actual behavior if applicable

My Win32 Application (built with LabWindows/CVI 17) runs very fine without any problems. I am actually testing my Modbus communication, and an external Modbus Master sends requests every 10s to my Client with my application (read register 3x). Without the Modbus requests the software runs without problems forever. But now, after a few days, the software silently quits without any message. Only if I look into the Windows event log under Application can I find an error.

Faulting application name: HyF5674.exe, version: 0.1.15.0, time stamp: 0x645cf829
Faulting module name: modbus.dll, version: 3.1.6.2, time stamp: 0x618a8f83
Exception code: 0xc0000409
Fault offset: 0x00005c3a
Faulting process id: 0x52c
Faulting application start time: 0x01d98412efd47039
Faulting application path: C:\Program Files (x86)\BBS\HyF5674\HyF5674.exe
Faulting module path: C:\Program Files (x86)\BBS\HyF5674\modbus.dll
Report Id: 3554d328-4819-406b-97f5-6eca655eac66
Faulting package full name: 
Faulting package-relative application ID: 

Expected behavior or suggestion

<...>

Steps to reproduce the behavior (commands or source code)

Connect a Modbus Master and send "read register 3x" commands to the client with the modbus.dll application. After some time (days) the program with modbus.dll quits silently.

libmodbus output with debug mode enabled

I will enable it!

ottelo9 commented 1 year ago

I've compiled the newest version and until now nothing crashes anymore ...

Ready2Use dlls: https://github.com/stephane/libmodbus/wiki/Compile-dll-under-Windows-with-Visual-Studio-2008-Express

ottelo9 commented 1 year ago

Ok after few weeks of usage the same error appears again. How can I debug this?

Information from AppCrashView.exe (screenshots "2023-06-22 08_04_06-Crashes List" and "2023-06-22 08_03_46-Crashes List"):

Exception Code: 0xc0000409
Exception Code Description: The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
Fault Module Name: modbus.dll
Fault Module Version: 3.1.1.2

ottelo9 commented 1 year ago

https://stackoverflow.com/questions/76539470/diagnose-bex-event-exception-code-0xc0000409-status-stack-buffer-overrun

ottelo9 commented 1 year ago

I found the part where my program crashes via a crash dump file. It's inside modbus_reply:

    case MODBUS_FC_WRITE_SINGLE_REGISTER: {
        int mapping_address = address - mb_mapping->start_registers;

        if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) {
            rsp_length =
                response_exception(ctx,
                                   &sft,
                                   MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS,
                                   rsp,
                                   FALSE,
                                   "Illegal data address 0x%0X in write_register\n",
                                   address);
        } else {
            int data = (req[offset + 3] << 8) + req[offset + 4];

            mb_mapping->tab_registers[mapping_address] = data;
            memcpy(rsp, req, req_length);     /* <--- buffer overflow !!! */
            rsp_length = req_length;
        }
    } break;

At the crashing memcpy(rsp, req, req_length) the values were: rsp = uint8_t rsp[260], req = NULL, req_length = 122404592.

My application:

int CVICALLBACK threadFctModbus ( void *functionData )
{
  int rc, iUsedBackend;

  iUsedBackend = *(int *)functionData;

  while (mbFlagRunning)
  {
    do
    {
      //this function is polling for new data!!!! So it hangs here
      rc = modbus_receive(mbCtx, mbQuery);
    }
    while (rc == 0);

    //for Master Request Status LED
    mbTimeStamp = Timer();

    //rc and mbQuery are passed on unchecked: a negative rc or a NULL buffer reaches modbus_reply()
    rc = modbus_reply(mbCtx, mbQuery, rc, mbMap);
    if (rc == -1)
    {
      //return -1;
    }
  }

  return 0;
}/* threadFctModbus */

In my case this error occurs: modbus_receive() returns with rc = 122404592 and mbQuery = NULL. I put mbQuery and rc into modbus_reply() without any check. I thought that would be intercepted in the function already, but no! I don't know why, but I always catch those things at the beginning of each function.

ottelo9 commented 1 year ago

Checking for a NULL pointer solves the problem:

  //inside threadFctModbus, replacing the loop above
  while (mbFlagRunning)
  {
    do
    {
      //this function is polling for new data!!!! So it hangs here
      rc = modbus_receive(mbCtx, mbQuery);
    }
    while (rc == 0);

    //error handling: only a positive length that fits one ADU and a valid buffer go to modbus_reply()
    //(a full-size ADU is exactly MODBUS_MAX_ADU_LENGTH bytes, so the comparison is <=)
    if ((rc > 0) && (rc <= MODBUS_MAX_ADU_LENGTH) && (mbQuery != NULL))
    {
      //for Master Request Status LED
      mbTimeStamp = Timer();

      rc = modbus_reply(mbCtx, mbQuery, rc, mbMap);
    }
  }
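The two points raised in this thread, validating what the receive call returned before handing it to the reply routine, and bounds-checking the echo copy in the write-single-register branch, as one added, self-contained example. This is not code from the issue or from libmodbus: `check_request` and `reply_write_single_register` are my own functions, `MODBUS_MAX_ADU_LENGTH` is assumed to be 260 as in libmodbus, the request is assumed to use the Modbus TCP frame layout (7-byte MBAP header followed by the PDU), and the sample request bytes are constructed.

```c
/* Added example, not libmodbus code. Assumes MODBUS_MAX_ADU_LENGTH == 260
 * (libmodbus value) and a Modbus TCP frame: 7-byte MBAP header, then the PDU. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODBUS_MAX_ADU_LENGTH 260           /* assumed, matches libmodbus */
#define MODBUS_FC_WRITE_SINGLE_REGISTER 0x06
#define TCP_HEADER_LENGTH 7                 /* MBAP header, function code at req[7] */

/* Outcome of checking a (buffer, rc) pair that a receive loop produced. */
enum request_check {
    REQ_OK, REQ_NULL_BUFFER, REQ_ERROR, REQ_EMPTY, REQ_TOO_LONG, REQ_TOO_SHORT
};

/* The check the thread loop in the issue was missing: reject NULL buffers,
 * error returns, empty reads, and lengths that cannot be one ADU. */
enum request_check check_request(const uint8_t *query, int rc)
{
    if (query == NULL)                  return REQ_NULL_BUFFER;
    if (rc < 0)                         return REQ_ERROR;
    if (rc == 0)                        return REQ_EMPTY;
    if (rc > MODBUS_MAX_ADU_LENGTH)     return REQ_TOO_LONG;
    if (rc < TCP_HEADER_LENGTH + 1)     return REQ_TOO_SHORT;  /* header + FC */
    return REQ_OK;
}

/* Write-single-register handling: store the value, then echo the request as
 * the reply, but only after proving the copy fits the destination buffer.
 * Returns the reply length, or -1 when the request is rejected. */
int reply_write_single_register(const uint8_t *req, int req_length,
                                uint16_t *tab_registers, int nb_registers,
                                uint8_t *rsp, size_t rsp_cap)
{
    const int offset = TCP_HEADER_LENGTH;

    if (check_request(req, req_length) != REQ_OK) return -1;
    if ((size_t)req_length > rsp_cap)             return -1; /* the overflow from the dump */
    if (req_length < offset + 5)                  return -1; /* FC + addr(2) + value(2) */
    if (req[offset] != MODBUS_FC_WRITE_SINGLE_REGISTER) return -1;

    int address = (req[offset + 1] << 8) | req[offset + 2];
    if (address < 0 || address >= nb_registers)   return -1; /* illegal data address */

    tab_registers[address] = (uint16_t)((req[offset + 3] << 8) | req[offset + 4]);
    memcpy(rsp, req, (size_t)req_length);   /* safe: req_length <= rsp_cap was checked */
    return req_length;
}

/* Constructed sample request: transaction 1, unit 0x11, write 0x1234 to register 2. */
static const uint8_t SAMPLE_REQ[] = {
    0x00, 0x01,  /* transaction id */
    0x00, 0x00,  /* protocol id */
    0x00, 0x06,  /* remaining length */
    0x11,        /* unit id */
    0x06,        /* FC write single register */
    0x00, 0x02,  /* register address 2 */
    0x12, 0x34   /* value */
};
#define SAMPLE_REQ_LEN ((int)sizeof(SAMPLE_REQ))

int main(void)
{
    uint16_t regs[4] = {0};
    uint8_t rsp[MODBUS_MAX_ADU_LENGTH];

    /* The pair from the crash dump is rejected before any copy happens. */
    printf("dump case -> %d (1 = NULL buffer)\n", check_request(NULL, 122404592));

    int n = reply_write_single_register(SAMPLE_REQ, SAMPLE_REQ_LEN, regs, 4, rsp, sizeof rsp);
    printf("reply length %d, regs[2] = 0x%04X\n", n, regs[2]);
    return 0;
}
```

The receive loop from the thread maps onto this directly: call `check_request(mbQuery, rc)` after the polling `do ... while (rc == 0)` and only enter the reply path on `REQ_OK`; everything else is logged and dropped, and the size check before the `memcpy` means a malformed length can no longer run past the 260-byte stack buffer.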