- Ask a related questionWhat is a related question?A related question is a question created from another question. When the related question is created, it will be automatically linked to the original question.
Tool/software: WEBENCH® Design Tools
When a ZCL_CMD_DISCOVER_CMDS_RECEIVED_RSP or ZCL_CMD_DISCOVER_CMDS_GEN_RSP was received and parsed in zclParseInDiscCmdsRspCmd, the z-stack will crash. The pointer "pDiscoverRspCmd->pCmdID" has not been assigned to allocated buffer. It can be fixed like this.
This issue is appearing in SDK 3.30, SDK3.20 , Z-stack 3.0.2
static void *zclParseInDiscCmdsRspCmd( zclParseCmd_t *pCmd )
{
zclDiscoverCmdsCmdRsp_t *pDiscoverRspCmd;
uint8_t *pBuf = pCmd->pData;
uint8_t numCmds = ZCLDISCRSPCMD_DATALEN(pCmd->dataLen); // length of command ID variable array
// allocate memory for size of structure plus variable array
pDiscoverRspCmd = (zclDiscoverCmdsCmdRsp_t *)zcl_mem_alloc( sizeof ( zclDiscoverCmdsCmdRsp_t ) +
( numCmds * sizeof(uint8_t) ) );
if ( pDiscoverRspCmd != NULL )
{
uint8_t i;
pDiscoverRspCmd->discComplete = *pBuf++;
pDiscoverRspCmd->numCmd = numCmds;
pDiscoverRspCmd->pCmdID = (uint8_t*)( pDiscoverRspCmd + 1 ); //set pCmdId pointer, fixed by luoyiming 2019-10-18
for ( i = 0; i < numCmds; i++ )
{
pDiscoverRspCmd->pCmdID[i] = *pBuf++;
}
}
return ( (void *)pDiscoverRspCmd );
}
