modbus_check_response() crashes on an invalid exception code
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libmodbus | Fix Released | Medium | Stéphane Raimbault |
Bug Description
Hi,
I am using version 2.0 of the libmodbus library.
When an exception error is received, the application crashes. I found that the problem is in the following function:
static int modbus_
The code that handles the invalid exception code starts at line 664 of the file modbus.c and is as follows (line numbers are in brackets):
[664] /* The chances are low to hit this
[665] case but can avoid a vicious
[666] segfault */
[667] char s_error[64];
[668] sprintf(s_error,
[669] "Invalid exception code %d",
[670] response[offset + 2]);
[671] error_treat(
[672] s_error);
[673] free(s_error);
[674] return INVALID_
As you can see in line 673, free() is used to deallocate the memory assigned to s_error. However, s_error was not dynamically created (with malloc), and that is where the segfault occurs.
Conclusion: free(s_error) in line 673 should be removed.
As the comment says, it is unlikely that this section of the code is ever executed; however, it happened to me and that's how I found the problem.
Regards,
P.S. Can someone please explain to me how to make a patch so I can attach code changes to future bug reports? Maybe that way it is easier to submit a fix for this kind of easy problem.
Changed in libmodbus: status: New → Fix Released
Thank you for your bug report.
The string was no longer a dynamic allocation in libmodbus 2.0; I chose not to remove the free and to add a malloc!
Can you test this change from the trunk, please?
PS: you have a button to attach a file on your bug report.
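
The two fixes discussed in this thread, side by side, as an added example that is not libmodbus code: option 1 keeps the automatic buffer and drops free(), option 2 allocates with malloc() so the free() is valid. The function names, the ERR_* values, report_error() and the length guard are assumptions made for this example; the exception code is read at response[offset + 2] as in the quoted snippet.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_INVALID_EXCEPTION (-1) /* hypothetical codes, not libmodbus's */
#define ERR_TRUNCATED         (-2)
#define ERR_NO_MEMORY         (-3)
#define MSG_LEN 64

/* Constructed stand-in for the library's error reporter: keeps the last message. */
static char last_error[MSG_LEN];
static void report_error(const char *msg) {
    snprintf(last_error, sizeof last_error, "%s", msg);
}

/* Added guard (assumption): make sure response[offset + 2] exists before reading it. */
static int has_exception_byte(size_t len, size_t offset) {
    return len >= 3 && offset <= len - 3;
}

/* Option 1 (the reporter's fix): automatic storage, so no free(). */
int invalid_exception_stack(const uint8_t *response, size_t len, size_t offset) {
    char s_error[MSG_LEN];
    if (!has_exception_byte(len, offset)) { report_error("Truncated response"); return ERR_TRUNCATED; }
    snprintf(s_error, sizeof s_error, "Invalid exception code %d", response[offset + 2]);
    report_error(s_error);
    return ERR_INVALID_EXCEPTION; /* s_error is released when the function returns */
}

/* Option 2 (the maintainer's fix): heap storage, malloc() paired with free(). */
int invalid_exception_heap(const uint8_t *response, size_t len, size_t offset) {
    char *s_error;
    if (!has_exception_byte(len, offset)) { report_error("Truncated response"); return ERR_TRUNCATED; }
    s_error = malloc(MSG_LEN);
    if (s_error == NULL) { report_error("Out of memory"); return ERR_NO_MEMORY; }
    snprintf(s_error, MSG_LEN, "Invalid exception code %d", response[offset + 2]);
    report_error(s_error);
    free(s_error); /* valid here: the pointer came from malloc() */
    return ERR_INVALID_EXCEPTION;
}

int main(void) {
    /* Constructed frame: address 0x11, function 0x83, exception code 0x7F. */
    const uint8_t frame[] = { 0x11, 0x83, 0x7F };
    invalid_exception_stack(frame, sizeof frame, 0);
    printf("stack: %s\n", last_error);
    invalid_exception_heap(frame, sizeof frame, 0);
    printf("heap:  %s\n", last_error);
    return 0;
}
```

Both variants use snprintf() with the buffer size instead of sprintf(), so the message cannot overrun the 64-byte buffer whatever value arrives on the wire.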