LoRaMac-node

Integer underflow while calculating RXWindow

Open NovaNekmit opened this issue 1 year ago • 0 comments

The fix for #1349 (e5076e13be4993aa81c5c5959a2c310e3100c486) calculates the windows without first checking if the processing delay was longer than the rx window delay.
This may cause a negative result to be passed to TimerSetValue as an unsigned integer, resulting in an extremely large timeout (close to 50 days).

    CRITICAL_SECTION_BEGIN( );
    uint32_t offset = TimerGetCurrentTime( ) - TxDoneParams.CurTime;  // this could get larger than window delays
    TimerSetValue( &MacCtx.RxWindowTimer1, MacCtx.RxWindow1Delay - offset );  // underflow can happen here
    TimerStart( &MacCtx.RxWindowTimer1 );
    TimerSetValue( &MacCtx.RxWindowTimer2, MacCtx.RxWindow2Delay - offset );  // underflow can happen here
    TimerStart( &MacCtx.RxWindowTimer2 );
    CRITICAL_SECTION_END( );

Of course this should not happen (as that means the window has been missed), but it can occur depending on processing priorities.
4.6.0 is not affected as the window delay was not calculated based on the offset.

NovaNekmit, Mar 15 '23 12:03
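The wrap described in the issue, reproduced stand-alone next to a guarded calculation. This is an added example, not code from LoRaMac-node or from the issue author: the helper names and the millisecond values are constructed, and reporting a missed window through a return code is an assumption, not the project's fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Elapsed time between two readings of a free-running 32-bit ms counter.
 * Unsigned subtraction is correct here even if the counter rolled over. */
static uint32_t elapsed_since(uint32_t now_ms, uint32_t start_ms)
{
    return (uint32_t)(now_ms - start_ms);
}

/* Unchecked form, same arithmetic as the snippet quoted in the issue:
 * wraps modulo 2^32 whenever elapsed_ms is larger than delay_ms. */
static uint32_t rx_timeout_unchecked(uint32_t delay_ms, uint32_t elapsed_ms)
{
    return (uint32_t)(delay_ms - elapsed_ms);
}

/* Guarded form (hypothetical helper): returns 1 and stores the remaining
 * time, or returns 0 with *remaining_ms = 0 when the window delay has
 * already elapsed, so the caller never arms a wrapped timeout. */
static int rx_timeout_checked(uint32_t delay_ms, uint32_t elapsed_ms,
                              uint32_t *remaining_ms)
{
    if (elapsed_ms >= delay_ms) {
        *remaining_ms = 0;
        return 0;
    }
    *remaining_ms = delay_ms - elapsed_ms;
    return 1;
}

int main(void)
{
    /* Constructed values: 1000 ms window delay, 1003 ms spent processing. */
    uint32_t delay = 1000u;
    uint32_t offset = elapsed_since(5003u, 4000u);
    uint32_t bad = rx_timeout_unchecked(delay, offset);
    uint32_t remaining;
    int ok = rx_timeout_checked(delay, offset, &remaining);

    printf("unchecked: %lu ms (%.1f days)\n",
           (unsigned long)bad, bad / 86400000.0);
    printf("checked:   armed=%d remaining=%lu ms\n",
           ok, (unsigned long)remaining);
    return 0;
}
```
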