This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
Tool/software: WEBENCH® Design Tools
When a ZCL_CMD_DISCOVER_CMDS_RECEIVED_RSP or ZCL_CMD_DISCOVER_CMDS_GEN_RSP was received and parsed in zclParseInDiscCmdsRspCmd, the z-stack will crash. The pointer "pDiscoverRspCmd->pCmdID" has not been assigned to allocated buffer. It can be fixed like this.
This issue is appearing in SDK 3.30, SDK3.20 , Z-stack 3.0.2
static void *zclParseInDiscCmdsRspCmd( zclParseCmd_t *pCmd ) { zclDiscoverCmdsCmdRsp_t *pDiscoverRspCmd; uint8_t *pBuf = pCmd->pData; uint8_t numCmds = ZCLDISCRSPCMD_DATALEN(pCmd->dataLen); // length of command ID variable array // allocate memory for size of structure plus variable array pDiscoverRspCmd = (zclDiscoverCmdsCmdRsp_t *)zcl_mem_alloc( sizeof ( zclDiscoverCmdsCmdRsp_t ) + ( numCmds * sizeof(uint8_t) ) ); if ( pDiscoverRspCmd != NULL ) { uint8_t i; pDiscoverRspCmd->discComplete = *pBuf++; pDiscoverRspCmd->numCmd = numCmds; pDiscoverRspCmd->pCmdID = (uint8_t*)( pDiscoverRspCmd + 1 ); //set pCmdId pointer, fixed by luoyiming 2019-10-18 for ( i = 0; i < numCmds; i++ ) { pDiscoverRspCmd->pCmdID[i] = *pBuf++; } } return ( (void *)pDiscoverRspCmd ); }
Thanks for reporting this, I've replicated the issue and passed the information along to the SW Dev Team. It will be corrected in the next SDK and the Known Issues & Proposed Fixes E2E sticky has been updated.
Regards,
Ryan