Access violation in function modbus_mask_write_register #265

Closed
lipengin1975 opened this Issue May 20, 2015 · 2 comments

Comments

Projects
None yet
2 participants
@lipengin1975

Hi, everyone!
I use the modbus_mask_write_register function to write a bit value into a holding register.But it throw a exception in memory access.
I browse the code of version 3.1.2, in line 1471 of file modbus.c, there defined the req array like that:
uint8_t req[_MIN_REQ_LENGTH];
the macro _MIN_REQ_LENGTH value is 12, but in line 1480 of the modbus.c,
req[req_length++] = and_mask >> 8;
req[req_length++] = and_mask & 0x00ff;
req[req_length++] = or_mask >> 8;
req[req_length++] = or_mask & 0x00ff;
so I think at last req_length equals 14, is it a bug?

mhei added a commit to mhei/libmodbus that referenced this issue May 20, 2015

modbus_mask_write_register: fix buffer overflow (fixes #265)
Thanks to @lipengin1975 for reporting this issue.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

@stephane stephane closed this in b7894da May 21, 2015

@stephane

This comment has been minimized.

Show comment
Hide comment
@stephane

stephane May 21, 2015

Owner

I merged it but a bit hastily, the fix allocates too much memory and this bug exists because there is no tests for this feature! So I'll improve that with another patch.

Owner

stephane commented May 21, 2015

I merged it but a bit hastily, the fix allocates too much memory and this bug exists because there is no tests for this feature! So I'll improve that with another patch.

@lipengin1975

This comment has been minimized.

Show comment
Hide comment
@lipengin1975

lipengin1975 May 26, 2015

Thanks mhei and stephane ! I changed the code same as mhei's method, but now I think the better way is what stephane have done.

Thanks mhei and stephane ! I changed the code same as mhei's method, but now I think the better way is what stephane have done.

georgidimov added a commit to georgidimov/libmodbus that referenced this issue Jul 24, 2017

modbus_mask_write_register: fix buffer overflow (fixes #265)
Thanks to @lipengin1975 for reporting this issue.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

georgidimov added a commit to georgidimov/libmodbus that referenced this issue Jul 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment