Potential Program Crash

Question

Potential Program Crash

Closed this issue 7 months ago · 5 comments

Aspire-Design-Ltd commented 7 months ago

Hi.

While working on the windows version of the code I believe I have found a potential memory corruption.

The function 'acquireHPGLplot' uses the gtk function 'g_strsplit' this could return an empty tokens array if the string passed to it is empty.

This means the variable max would be zero. The code line below will corrupt memory:
strcpy( sHPGL, tokens[max-1] );

Thanks MPC.

Answer 1 · 2024-05-25T15:09:10.000Z

I don't think this will occur.
There IS a string (sHPGL) passed to g_strsplit in all cases. It may be zero length but it is still a valid pointer.
g_strsplit will return a minimum of one string (if there is no match, the whole string is the first string in the array (in the case of a zero length string, a pointer to the NULL (still a valid string)) and hence g_strv_length will be at least 1.

Answer 2 · 2024-05-25T15:52:26.000Z

Hi. When testing I occasionally got a null terminated empty string for sHPGL. This caused g_splitstr to return a empty token array and the variable 'max' finished up set to zero.

It only happens during faulty responses but it does cause a program crash.
More a bug in g_splitstr.
MPC.

Answer 3 · 2024-05-25T16:50:26.000Z

OK, I added a check. BTW I see you are having problems with 'analyze learn string' ... can you give me some details?

Answer 4 · 2024-05-25T16:57:56.000Z

What does it do? I think the issue might be the NI driver but I need to do more work.

I am using a HP8753ES could this be an issue?

Answer 5 · 2024-05-25T17:22:39.000Z

There are some state data that is not available using the defined GPIB commands. (e.g: querying a marker actually turns it on).
These data ARE embedded in the learn string but each version uses a different format so I have to do a series of actions to see where in the learn string the data is located. (i.e. turn on marker 1 and see where the learn string changes).
This is kind of precarious and it's likely the algorithm fails with the 8753ES. One solution (when analyzing and using the LS for data extraction) might be to to precede the "OUTPLEAS" with "SELL413" command to constrain the learn string to the 4.13 version (if the FM version is above 4.13). (although I did have one user with a 'D' model that worked (but can't test with that 6.12 FW version)).
When retrieving and restoring you would use "SELL0" to save and recover the full native learn string.