• Locked Locked
  • Replies 2 replies
  • Subscribers 55 subscribers
  • Views 590 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Segmentation fault while assigning data to character pointer

Mayur Paithankar
Prodigy 170 points

Other Parts Discussed in Thread: EK-TM4C1294XL

Hi

we are using CCS- v6  on win 8 and EK-TM4C1294xl board for development

as provide in attached code while i try to assign more than 36 characters to "json_sensor" pointer on line number 310.

when i tried to increase value of char r[] to fault occurs after 36 characters. This is not always the case, sometimes it generates fault after assigning 20 chars.

My requirement is 'json_sensor' length should be flexible. I tried to increase Heap and stack size but its still not working.

Can anyone help me why this fault is occurring.

Thanks.

hello.zip

  • TI__Guru**** 171729 points
    Hi,

    I was able to reproduce the issue you are seeing - basically the processor issues a Fault ISR at a certain point during the code execution.

    Despite the compiler threw several minor issues (invalid pointer assignments, implicit function declarations, nested comments) I couldn't yet get a clear idea on what may be happening.

    I still need to investigate a few details, but I will get back to you early next week, ok?

    Regards,
    Rafael
  • Expert 1240 points

    I didn't get to look at your logic in detail so I might be missing something, but this line stuck out at me:

    char *json_sensor = &r;

    r is a variable that represents a global array of 11 + 1 chars.  The variable r's value is address of the first byte of that array.

    &r is the address of the variable r.  The value of that expression is the location of the variable r, not the location of the array.

    e.g.

    Expression | Address | Value

                         0x010      'e'

                         0x011      'w'

                         0x012      'e'

    ...

         r              0x100     0x010

       &r              0x1000? 0x100

    json_sensor 0x1004   0x100

    I think if this was C++, the previously mentioned line of code wouldn't even compile, since &r is a pointer to an array of type char and json_sensor is a pointer to a char: incompatible types without a cast.  I guess C lets off (perhaps with a warning).

    So when you are writing to json_sensor, you are writing to a location that is claimed for other use which likely leads to the crash.

    Anyways, what you probably meant to do was

       char *json_sensor = r;

    In this manner we'll have:

    Expression | Address | Value

                         0x010      'e'

                         0x011      'w'

                         0x012      'e'

    ...

         r              0x100     0x010

    json_sensor 0x1000   0x010

    And when you strncat to json_sensor you'll be writing to the end of your array.


    There is a second issue.  As previously mentioned, r is an array of 11+1 bytes.  strncat adds on to the end of the string, but it trusts that you have properly allocated that memory already.  In this case you are using up the first 11 bytes of r with ewewewtyrtf, and then strncat tries to add 'j' and then 'h'... at which point you are writing out of memory your have allocated for the array.
    As an example, we'll say that in memory you have your array for r, and after that comes something else.  It could be unused, it could be some padding bytes, it could be some meta-information your program uses, or perhaps it is the start of array r1, we don't really know.  For this example, we'll say it's r1.

    Address | Value

    0x010      'e'

    0x011      'w'

    0x012      'e'

    ...

    0x019       't'

    0x01A      'f'

    0x01B      '\0'

    0x01C     '1'

    0x01D     '2'

    ...

    Now when you strncat onto json_sensor, whose value is 0x010, it searches for the null terminator of that string (found at address 0x01B) and starts to write

    Address | Value

    0x010      'e'

    0x011      'w'

    0x012      'e'

    ...

    0x019       't'

    0x01A      'f'

    0x01B      'j'

    0x01C     'h'           <-- uh oh

    0x01D     'g'           <-- this could be bad

    ...

    So what you want to do I make sure r is allocated enough space to hold all you could ever need to write to it.  You could do this by something like defining it as

    char r[11 + 5*10 + 1] = {0};  // 10 for ewewewtyrtf, 50 for 10 instances of jhgf1, one for a terminating null character


    There are other options too, depending on the nature of the problem, and how your memory is organized.  You might try dynamic memory allocation ("malloc").

    HTH