[RCX-836] rX_DdpGetExtendedDeviceData() copies too many data to user buffer - Hilscher Ticket

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: V2.1.5.0, V2.1.5.1, V2.1.6.0, V2.1.6.1, V2.1.7.0, V2.1.7.1, V2.1.8.0, V2.1.8.1, V2.1.9.0, V2.1.9.1, V2.1.10.0, V2.1.11.0, V2.1.11.1, V2.1.11.2, V2.1.11.3, V2.1.11.4, V2.1.11.5, V2.1.11.6, V2.1.11.7, V2.1.11.8, V2.1.11.9
Fix Version/s: V2.1.11.10, V2.1.12.0
Component/s: Middleware
Labels:
None

Account:
SDO rcX (SDORCX)

Description

If the function rX_DdpGetExtendedDeviceData() is called by a LOM application which uses the the ulSize parameter less than the complete zone area size, the buffer is overwritten.

This happens because the ulSize parameter of the structure GET_EXT_DEVICE_DATA_TYPE_SECMEM_DATA_IN_T is not evaluated and the whole zone data are always copied to the given user buffer pointer.

This was seen in the PROFINET Slave LOM V3.10.0.0 for netX51.

Attachments

Issue Links

mentioned in: Page Loading...

Expenses

Activity

Status Description

People

Reporter:

Robert M [X] (Inactive)

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

2016-05-13 10:58

Updated:

2021-05-21 12:54

Resolved:

2016-11-01 14:31