[Bug] Infinite oscillation between restricted areas due to incorrect calculation of loiter points during geofence avoidance
Describe the bug
Summary
When the drone is located in a narrow corridor between two restricted zones and touches the front geofence boundary, it enters the "hold" state and its inertial overshoot pushes it backward into the rear restricted zone. The flight controller’s flawed hover point calculation forces the drone to oscillate indefinitely between the two restricted zones.
Details
When the flight control system of the drone breaks through the geographical fence and the response action is set to "hold", it calculates a hover point outside the restricted area along the current flight path, taking the drone’s inertia into consideration. However, it does not take into account that the rear of the drone is also close to the no fly zone, and this hover point is within the no fly zone at the back, repeating the previous situation and causing the drone to repeatedly swing back and forth.
https://github.com/PX4/PX4-Autopilot/blob/b8c541dd7277ed735139d7d1bfb829d61fbe29fb/src/modules/navigator/GeofenceBreachAvoidance/geofence_breach_avoidance.cpp#L151-L176
PoC
Reproduce the vulnerability:
- Set a concave no fly zone, such as a U-shaped polygon.
- Place the drone inside the concave shape, near one of the boundaries.
- Command the drone to fly towards a location where it needs to pass through the no fly zone, but due to the existence of the no fly zone, the drone must adjust its path.
- Trigger obstacle avoidance logic and observe whether the generated hover point is still within the no fly zone, causing further adjustments and forming a loop.
https://github.com/user-attachments/assets/1109160f-018d-4219-be56-3ea33d625521
Impact
- A user might inadvertently encounter this vulnerability, which forces the drone into an endless cycle of unintended oscillation. When the drone contacts the front geofence boundary and enters a “hold” state, its inertial overshoot drives it back into a restricted area, causing it to repeatedly collide with obstacles as a result of a flawed hover point calculation.
- Due to being in a hold state, users cannot even pause this process.
- Attackers can also leverage this vulnerability by configuring mission parameters and geo-fences to circumvent safety checks, enabling covert attacks.
To Reproduce
No response
Expected behavior
No response
Screenshot / Media
No response
Flight Log
No response
Software Version
No response
Flight controller
No response
Vehicle type
None
How are the different components wired up (including port information)
No response
Additional context
No response
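The missing check described in this report, as an added example that is not PX4's code and not part of the original issue: a candidate hold point is tested against every no-fly polygon before it is accepted, and the back-off is shortened when it lands in a zone. The flat 2D local frame in metres, the halving strategy, the 0.1 m floor and all names (`naiveHoldPoint`, `safeHoldPoint`, `demoZones`) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

struct Vec2 { double x, y; };            // local frame, metres (assumed flat 2D)
using Polygon = std::vector<Vec2>;

// Ray-casting point-in-polygon test; works for concave zones.
bool inside(const Polygon& poly, Vec2 p) {
    bool in = false;
    for (std::size_t i = 0, j = poly.size() - 1; i < poly.size(); j = i++) {
        const Vec2 &a = poly[i], &b = poly[j];
        if ((a.y > p.y) != (b.y > p.y) &&
            p.x < (b.x - a.x) * (p.y - a.y) / (b.y - a.y) + a.x) in = !in;
    }
    return in;
}

bool inAnyZone(const std::vector<Polygon>& zones, Vec2 p) {
    for (const auto& z : zones) if (inside(z, p)) return true;
    return false;
}

// Unchecked candidate: back off `dist` metres from the breach point,
// against the unit track direction `dir`.
Vec2 naiveHoldPoint(Vec2 breach, Vec2 dir, double dist) {
    return {breach.x - dir.x * dist, breach.y - dir.y * dist};
}

// Checked candidate: halve the back-off until the point is clear of every zone.
// Returns false when no clear point is found, so the caller can pick another action.
bool safeHoldPoint(const std::vector<Polygon>& zones, Vec2 breach, Vec2 dir,
                   double dist, Vec2& out) {
    for (double d = dist; d >= 0.1; d /= 2.0) {
        out = naiveHoldPoint(breach, dir, d);
        if (!inAnyZone(zones, out)) return true;
    }
    return false;
}

// Constructed sample: U-shaped no-fly zone with a 2 m corridor (4 < x < 6, y > 2).
std::vector<Polygon> demoZones() {
    Polygon u = {{0,0}, {10,0}, {10,10}, {6,10}, {6,2}, {4,2}, {4,10}, {0,10}};
    return std::vector<Polygon>(1, u);
}

int main() {
    const auto zones = demoZones();
    const Vec2 breach{6.2, 5.0}, dir{1.0, 0.0};   // crossed the front wall flying +x
    const Vec2 n = naiveHoldPoint(breach, dir, 3.0);
    std::printf("naive (%.2f, %.2f) in zone: %d\n", n.x, n.y, inAnyZone(zones, n));
    Vec2 s{};
    if (safeHoldPoint(zones, breach, dir, 3.0, s)) std::printf("checked (%.2f, %.2f)\n", s.x, s.y);
    return 0;
}
```

With the constructed corridor, the 3 m back-off lands in the rear arm of the U, while the checked version settles inside the corridor.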