modbus_check_response() crashes on an invalid exception code

Hi,

I am using version 2.0 of the libmodbus library.

When an exception error is received, the application crashes. I found that the problem is in the following function:

static int modbus_check_response(modbus_param_t *mb_param,
                                 uint8_t *query,
                                 uint8_t *response)

the code that handles the invalid exception code starts at line 664 of the file modbus.c as is as follows (line numbers are in brackets):

[664] /* The chances are low to hit this
[665] case but can avoid a vicious
[666] segfault */
[667] char s_error[64];
[668] sprintf(s_error,
[669] "Invalid exception code %d",
[670] response[offset + 2]);
[671] error_treat(mb_param, INVALID_EXCEPTION_CODE,
[672] s_error);

[673] free(s_error);

[674] return INVALID_EXCEPTION_CODE;

As you can see in line 673, free() is used to deallocate the memory assigned to s_error. However s_error was not dynamically created (with malloc) and that is where the seg fault occurs.

Conclusion: free(s_error) in line 673 should be removed.

As the comment says, it is unlikely that this section of the code is ever executed, however, it happened to me and that's how I found the problem.

Regards,

P.S. Can someone please explain to me how to make a patch so I can attach code changes into to future bug reports? Maybe that way is easier to submit a fix for this kind of easy problems.