cJSON
cJSON copied to clipboard
DaveGamble
cJSON_strdup causes LoadProhibitedCause
Hi, After a while that the program runs (about 30 hours) the esp creshes with LoadProhibitedCause and the core dump report that cJSON_strdup (that was call into cJSON_Duplicate) function cannot access memory at address 0x205.
================== CURRENT THREAD REGISTERS ===================
exccause 0x1c (LoadProhibitedCause)
excvaddr 0x205
epc1 0x400da013
epc2 0x0
epc3 0x0
epc4 0x0
epc5 0x0
epc6 0x0
eps2 0x0
eps3 0x0
eps4 0x0
eps5 0x0
eps6 0x0
pc 0x400014dc 0x400014dc
lbeg 0x4000c46c 1073792108
lend 0x4000c477 1073792119
lcount 0x0 0
sar 0xe 14
ps 0x60620 394784
threadptr
==================== CURRENT THREAD STACK =====================
#0 0x400014dc in ?? ()
#1 0x400de2b1 in cJSON_strdup (string=0x205 <error: Cannot access memory at address 0x205>, hooks=0x3ffb13a8 <global_hooks>) at D:/Espressif/esp-idf/components/json/cJSON/cJSON.c:198
#2 0x400df284 in cJSON_Duplicate (item=0x3ffbbdc4, recurse=1) at D:/Espressif/esp-idf/components/json/cJSON/cJSON.c:2721
#3 0x400df2b0 in cJSON_Duplicate (item=
int lora_send(cJSON *pkt, bool send_now){
bool pkt_yet_present = false; int pkt_yet_present_position = 1; int pkt_yet_present_pkt_id = 0;
if(cJSON_GetObjectItem(pkt, "from") &&
cJSON_GetObjectItem(pkt, "for") &&
cJSON_GetObjectItem(pkt, "model") &&
cJSON_GetObjectItem(pkt, "sik") &&
cJSON_GetObjectItem(pkt, "pkt_id") &&
cJSON_GetObjectItem(pkt, "datatype") &&
LORA.pkt_to_send <= 14){
for (int i = 1; i <= LORA.pkt_to_send; i++) {
if(JSON_get_number_from_item_debug(LORA.send_pkt_buffer[i],"for", (i+10)) == JSON_get_number_from_item_debug(pkt,"for", (i+20)) && \
strcmp(JSON_get_string_from_item(LORA.send_pkt_buffer[i],"model"), JSON_get_string_from_item(pkt,"model"))==0 && \
strcmp(JSON_get_string_from_item(LORA.send_pkt_buffer[i],"datatype"), JSON_get_string_from_item(pkt,"datatype"))==0 ) {
pkt_yet_present = true;
pkt_yet_present_position = i;
pkt_yet_present_pkt_id = JSON_get_number_from_item(LORA.send_pkt_buffer[i],"pkt_id");
break;
}
taskYIELD();
}
if (pkt_yet_present == false) {
cJSON_SetNumberValue(cJSON_GetObjectItem(pkt,"pkt_id"), LORA.pkt_id++);
if (send_now == false) {
LORA.pkt_to_send++;
cJSON_Delete(LORA.send_pkt_buffer[LORA.pkt_to_send]);
LORA.send_pkt_buffer[LORA.pkt_to_send] = cJSON_Duplicate(pkt, true);
}
else {
if (LORA.pkt_to_send == 0) {
LORA.pkt_to_send++;
cJSON_Delete(LORA.send_pkt_buffer[LORA.pkt_to_send]);
LORA.send_pkt_buffer[LORA.pkt_to_send] = cJSON_Duplicate(pkt, true);
}
else {
for (int i = LORA.pkt_to_send; i >= 1; i--) {
cJSON_Delete(LORA.send_pkt_buffer[i + 1]);
LORA.send_pkt_buffer[i + 1] = cJSON_Duplicate(LORA.send_pkt_buffer[i], true);
}
LORA.pkt_to_send++;
cJSON_Delete(LORA.send_pkt_buffer[1]);
LORA.send_pkt_buffer[1] = cJSON_Duplicate(pkt, true);
}
}
}
else if (pkt_yet_present == true) {
cJSON_SetNumberValue(cJSON_GetObjectItem(pkt,"pkt_id"), pkt_yet_present_pkt_id);
if (send_now == false) {
cJSON_Delete(LORA.send_pkt_buffer[LORA.pkt_to_send]);
LORA.send_pkt_buffer[LORA.pkt_to_send] = cJSON_Duplicate(pkt, true); <------ line 263
}
else {
for (int i = pkt_yet_present_position - 1; i >= 1; i--) {
cJSON_Delete(LORA.send_pkt_buffer[i + 1]);
LORA.send_pkt_buffer[i + 1] = cJSON_Duplicate(LORA.send_pkt_buffer[i], true);
}
cJSON_Delete(LORA.send_pkt_buffer[1]);
LORA.send_pkt_buffer[1] = cJSON_Duplicate(pkt, true);
}
}
return JSON_get_number_from_item(pkt,"pkt_id");
}else{ return -1; }
}
Looks like there’s a bit of dependent code not shown that might impact this problem. One thing that jumps out… Are you sure `LORA.send_pkt_buffer[LORA.pkt_to_send] = …` isn’t accessing outside the valid range of the buffer? What is the value of `LORA.pkt_to_send` at the point of failure? How big is the buffer? Sent from Mail for Windows From: AlgoONSent: Thursday, March 31, 2022 11:43 AMTo: DaveGamble/cJSONCc: SubscribedSubject: [DaveGamble/cJSON] cJSON_strdup causes LoadProhibitedCause (Issue #677) Hi,After a while that the program runs (about 30 hours) the esp creshes with LoadProhibitedCause and the core dump report that cJSON_strdup (that was call into cJSON_Duplicate) function cannot access memory at address 0x205.================== CURRENT THREAD REGISTERS ===================exccause 0x1c (LoadProhibitedCause)excvaddr 0x205epc1 0x400da013epc2 0x0epc3 0x0epc4 0x0epc5 0x0epc6 0x0eps2 0x0eps3 0x0eps4 0x0eps5 0x0eps6 0x0pc 0x400014dc 0x400014dclbeg 0x4000c46c 1073792108lend 0x4000c477 1073792119lcount 0x0 0sar 0xe 14ps 0x60620 394784threadptr br scompare1 acclo acchi m0 m1 m2 m3 expstate f64r_lo f64r_hi f64s fcr fsr a0 0x800de2b1 -2146573647a1 0x3ffc6e30 1073507888a2 0x205 517a3 0x201 513a4 0xff 255a5 0xff00 65280a6 0xff0000 16711680a7 0xff000000 -16777216a8 0x80092060 -2146885536a9 0x3ffc6e00 1073507840a10 0x3ffd2c74 1073556596a11 0x1800 6144a12 0x3ffaed60 1073409376a13 0x0 0a14 0x1 1a15 0x3ffc4d80 1073499520==================== CURRENT THREAD STACK =====================#0 0x400014dc in ?? ()#1 0x400de2b1 in cJSON_strdup (string=0x205
LORA.send_pkt_buffer dimension is 15 and LORA.pkt_to_send at the crashes evente is not always the same value but is always under 14. Thanks for the reply