compute_response_size() no entry for read_input_status()

Bug #188189 reported by Chris Hellyar
Affects: libmodbus
Status: Fix Released
Importance: Medium
Assigned to: Stéphane Raimbault

Bug Description

libmodbus 1.2.2:

When using Modbus function 0x02 (Read Discrete Inputs), the reply frame is the same length as for command 0x01.

compute_response_size() had no entry for function 0x02.

I added it into modbus.c as per:

< --------------- snip ---------------->
static unsigned int compute_response_size(modbus_param_t *mb_param,
                                          unsigned char *query)
{
        int response_size_computed;
        int offset;

        offset = mb_param->header_length;

        switch (query[offset + 1]) {
        case 0x01: /* function 0x01 and 0x02 have same response size. */
        case 0x02: {
                /* Header + nb values (code from force_multiple_coils) */
                int coil_count = (query[offset + 4] << 8) | query[offset + 5];
                response_size_computed = 3 +
                        (coil_count / 8) + ((coil_count % 8) ? 1 : 0);
        } break;
< --------------- snip --------------->

Thanks for a really well put together library, I had started writing my own after looking at the 'other' libmodbus, then found this.

Chris Hellyar (chris-trash) wrote :

Got a bit further through my RTU stack coding, and found this also affects function 04, so I've added a similar fix for that, as per:

< --------------- snip --------------->
                        (coil_count / 8) + ((coil_count % 8) ? 1 : 0);
        } break;

        case 0x03: /* function 0x03 and 0x04 have same response size. */
        case 0x04:
                /* Header + 2 * nb values */
                response_size_computed = 3 +
< --------------- snip --------------->

Cheers, Chris H.

Stéphane Raimbault (sra) wrote :

You're right, and this change is already on trunk.
I applied your patch on the stable branch to do a new stable release.

Thank you for your bug report.

Snip from trunk branch:

/* Computes the size of the expected response */
static unsigned int compute_response_size(modbus_param_t *mb_param,
                                          unsigned char *query)
{
        int response_size_computed;
        int offset;

        offset = mb_param->header_length;

        switch (query[offset + 1]) {
        case FC_READ_COIL_STATUS:
        case FC_READ_INPUT_STATUS: {
                /* Header + nb values (code from force_multiple_coils) */
                int coil_count = (query[offset + 4] << 8) | query[offset + 5];
                response_size_computed = 3 +
                        (coil_count / 8) + ((coil_count % 8) ? 1 : 0);
                }
                break;
        case FC_READ_HOLDING_REGISTERS:
        case FC_READ_INPUT_REGISTERS:
                /* Header + 2 * nb values */
                response_size_computed = 3 +
                        2 * (query[offset + 4] << 8 | query[offset + 5]);
                break;
        case FC_READ_EXCEPTION_STATUS:
                response_size_computed = 4;
                break;
        default:
                response_size_computed = 6;
        }

        response_size_computed += offset + mb_param->checksum_size;

        return response_size_computed;
}

Changed in libmodbus:
assignee: nobody → sra
importance: Undecided → Medium
milestone: none → 1.2.3
status: New → Fix Released
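
The length mismatch discussed in this report, as an added stand-alone example (not libmodbus code and not from either commenter): it computes the expected response size for function codes 0x01 to 0x04 and shows what a switch with no 0x02/0x04 case returns instead. Assumptions: RTU framing uses offset 0 and a 2-byte checksum, the `legacy` flag is hypothetical, and the request-length and quantity checks (1 to 2000 bits, 1 to 125 registers, per the Modbus application protocol specification) are additions that the code on this page does not perform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Expected response length for a Modbus read request, or -1 if the request
 * is too short or its quantity is outside the Modbus specification limits.
 * offset/checksum_size mirror header_length/checksum_size on the page.
 * legacy != 0 models a switch with no cases for 0x02 and 0x04 (assumption). */
static int expected_response_size(const uint8_t *query, size_t len,
                                  int offset, int checksum_size, int legacy)
{
    if (query == NULL || offset < 0 || len < (size_t)offset + 6)
        return -1;                       /* need function, address, quantity */

    uint8_t function = query[offset + 1];
    int quantity = (query[offset + 4] << 8) | query[offset + 5];
    int body;

    if (legacy && (function == 0x02 || function == 0x04))
        function = 0xFF;                 /* unhandled: falls to default */

    switch (function) {
    case 0x01: case 0x02:                /* bit reads: one bit per value */
        if (quantity < 1 || quantity > 2000)
            return -1;
        body = 3 + (quantity + 7) / 8;
        break;
    case 0x03: case 0x04:                /* register reads: 2 bytes each */
        if (quantity < 1 || quantity > 125)
            return -1;
        body = 3 + 2 * quantity;
        break;
    default:
        body = 6;
    }
    return body + offset + checksum_size;
}

int main(void)
{
    /* Constructed RTU request: slave 1, function 0x02, address 0, 10 inputs;
     * CRC bytes are placeholders, they are not read here. */
    const uint8_t q[] = { 0x01, 0x02, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00 };

    printf("fixed: %d, without the 0x02 case: %d\n",
           expected_response_size(q, sizeof q, 0, 2, 0),
           expected_response_size(q, sizeof q, 0, 2, 1));
    return 0;
}
```

A receiver that waits for the larger, wrong length reads past the end of the real reply, so it either times out or consumes the start of the next frame.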