Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BOF occurs in the handler function handling msgid 332 #1666

Closed
BOB4Drone opened this issue Dec 3, 2021 · 0 comments
Closed

BOF occurs in the handler function handling msgid 332 #1666

BOB4Drone opened this issue Dec 3, 2021 · 0 comments
Labels
bug
Milestone
Version 2.1

Comments

@BOB4Drone
Copy link
Contributor

Steps to reproduce the behavior:

  1. Turn the mavros on
  2. Set the lower one byte to be greater than 0x05 except for the CRC of the MAVLINK PROTOCOL packet which is msgID 332
  3. Send a packet.
  4. exception occurs.

example msgID332 packet

fdef00000010134c0100e3565eba869b61f07725bb94aca92677e1f5133803e4cc7d5b201503177bd0af9f8519b4303a0980008449a6be52ff2f683ea220859288c1edb1581698b7178a1fbb6fca0200c4e7e4ddb1e4b9675daa0999a0a5d005f204a950014dfe53d4e99207eac42e9b6f1fa265d24842063f83bdbbf0bfb1dc849afaefcab9c1f0196b8091e8c98a2a753b1b2faac48ab740ca481d8320f6d2c229a0870ffbd61b3b0f48f07ebb65c6cafe8820ff2a6b0d4c60a2181b7fdc087741b7d36ef22f73ba503038eb9c33d38cfa84e855a69c64470ebf314031bbc97b55b1c76d440a813148118a9535168751542766525c24656ea4d5

Describe the bug

The lower 1 byte of MAVLINK PROTOCOL with msgID number 332 is "valid_points".
We can set "valid_points" to a maximum of 0xff.
BOF occurs in the source code line below when "valid_points" is set to a large value.
We reported same bug in PX4. (issue)

source code

https://github.com/mavlink/mavros/blob/1d4f42d9db9952d90e63f9a72630b1d5b7754bcf/mavros_extras/src/plugins/trajectory.cpp#L396L398
@BOB4Drone BOB4Drone mentioned this issue Dec 3, 2021
Merged
@vooon vooon added the bug label Dec 3, 2021
@vooon vooon modified the milestones: Version 1.13, Version 2.1 Dec 3, 2021
@vooon vooon closed this as completed Dec 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
Version 2.1
Development

No branches or pull requests
2 participants
@vooon @BOB4Drone