
Stack Smashing protect Failure - getCharacteristics() #3015


Closed
arsab opened this issue Jul 19, 2019 · 5 comments

Comments

@arsab

arsab commented Jul 19, 2019

Trying to connect:
https://forum.mysensors.org/topic/6951/nrf5-multi-sensor-board-12-14

Configured appropriate service and characteristics:
static BLEUUID serviceMPUUID("6e400001-b5a3-f393-e0a9-e50e24dcca9e");
static BLEUUID charMP_BMUUID("6e400004-b5a3-f393-e0a9-e50e24dcca9e");

then when getting characteristic pointer:
pMP_BMRemoteCharacteristic = pMPRemoteService->getCharacteristic(charMP_BMUUID);

faced "Stack Smashing protect Failure"

Looks to be solved by:
nkolban/esp32-snippets#863

"Hi,
probably it's because you are using the arduino library with a bug (maybe more than 1); in this library it's already fixed:
https://github.com/nkolban/esp32-snippets/blob/master/cpp_utils/BLERemoteService.cpp#L129"

Effectively, changing it to "uint16_t count = 1;" looks to resolve it; my program then works.

@chegewara
Contributor

Stack Smashing protect Failure
The task's stack is too small. You have 2 options:

  1. increase the task's stack
  2. try to make some local variables (most likely some arrays) global variables, so they are initialized in the heap instead of on the stack

@mwild1

mwild1 commented Aug 2, 2019

No, this is not related to stack size. This is a bug in the BLE library that took me some time to track down (frustratingly it seems it is already fixed in another repo).

The problem is that the function at https://github.com/espressif/arduino-esp32/blob/master/libraries/BLE/src/BLERemoteService.cpp#L159 allocates space for a single result on the stack:

	esp_gattc_char_elem_t result;

But then passes a count of 10 to esp_ble_gattc_get_all_char(). The documentation is not great for this function, but it appears this may cause it to copy up to 10 results into the array provided by the result pointer. However there is only space allocated for a single result, so multiple characteristics will overflow and trigger the stack smashing protection.

	uint16_t count = 10;  // this value is used as in parameter that allows to search max 10 chars with the same uuid
	esp_gatt_status_t status = ::esp_ble_gattc_get_all_char(
		getClient()->getGattcIf(),
		getClient()->getConnId(),
		m_startHandle,
		m_endHandle,
		&result,
		&count,
		offset
	);

Since it is called in a loop already, I assume simply setting count = 1 is an acceptable fix.
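The in/out-count contract behind the bug, as an added stand-alone C model. This is not code from arduino-esp32, esp32-snippets or ESP-IDF: `mock_gattc_get_all_char`, `gattc_get_all_char_checked`, `char_elem_t` and the `REMOTE_CHARS` table are hypothetical stand-ins that reproduce only the behaviour described above (the callee fills up to `*count` elements behind the pointer it is given and writes back how many it stored). It shows the buggy shape from the issue (one stack element, `count = 10`) being refused by a capacity check, the `count = 1` loop the fix settles on, and the alternative of sizing the array to the count.

```c
/* Added example: model of an in/out-count API where the caller's count must
 * never exceed the space behind the result pointer. Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {            /* minimal stand-in for esp_gattc_char_elem_t */
    uint16_t char_handle;
    uint8_t  uuid[16];
} char_elem_t;

/* Constructed "remote GATT database": four characteristics in one service. */
static const char_elem_t REMOTE_CHARS[] = {
    { 0x0010, {0x01} }, { 0x0012, {0x02} }, { 0x0014, {0x03} }, { 0x0016, {0x04} },
};
#define NUM_REMOTE_CHARS (sizeof REMOTE_CHARS / sizeof REMOTE_CHARS[0])

/* Model of the stack call: copies up to *count matching elements (skipping
 * `offset` matches first) into `result`, then stores how many it wrote in
 * *count. It trusts the caller; a *count larger than the buffer overflows. */
static int mock_gattc_get_all_char(uint16_t start, uint16_t end,
                                   char_elem_t *result, uint16_t *count,
                                   uint16_t offset)
{
    uint16_t stored = 0, seen = 0;
    for (size_t i = 0; i < NUM_REMOTE_CHARS && stored < *count; i++) {
        uint16_t h = REMOTE_CHARS[i].char_handle;
        if (h < start || h > end) continue;
        if (seen++ < offset) continue;
        result[stored++] = REMOTE_CHARS[i];   /* no bounds check here, by design */
    }
    *count = stored;
    return stored ? 0 : 1;                    /* 0 = OK, 1 = nothing found */
}

/* Wrapper a caller should use: refuses any request whose count exceeds the
 * capacity of the result buffer instead of letting the callee overrun it. */
static int gattc_get_all_char_checked(uint16_t start, uint16_t end,
                                      char_elem_t *result, size_t capacity,
                                      uint16_t *count, uint16_t offset)
{
    if (*count > capacity) return -1;         /* would overflow the caller's buffer */
    return mock_gattc_get_all_char(start, end, result, count, offset);
}

/* The shape from the issue: one element on the stack, count = 10. Through
 * the checked wrapper it is refused rather than smashing the stack. */
static int buggy_call_is_refused(void)
{
    char_elem_t result;
    uint16_t count = 10;
    return gattc_get_all_char_checked(0x0001, 0xFFFF, &result, 1, &count, 0) == -1;
}

/* The fix: one element, count = 1, advance offset each iteration.
 * Returns the number of characteristic handles collected into handles_out. */
static size_t enumerate_one_at_a_time(uint16_t start, uint16_t end,
                                      uint16_t *handles_out, size_t cap)
{
    size_t n = 0;
    uint16_t offset = 0;
    while (n < cap) {
        char_elem_t result;
        uint16_t count = 1;                   /* matches the single element */
        if (gattc_get_all_char_checked(start, end, &result, 1, &count, offset) != 0) break;
        if (count == 0) break;
        handles_out[n++] = result.char_handle;
        offset++;
    }
    return n;
}

/* Alternative fix: keep count = 10 but give the callee an array of 10. */
static size_t enumerate_batch(uint16_t start, uint16_t end,
                              uint16_t *handles_out, size_t cap)
{
    char_elem_t results[10];
    uint16_t count = sizeof results / sizeof results[0];
    if (gattc_get_all_char_checked(start, end, results, count, &count, 0) != 0) return 0;
    size_t n = count < cap ? count : cap;
    for (size_t i = 0; i < n; i++) handles_out[i] = results[i].char_handle;
    return n;
}

int main(void)
{
    uint16_t handles[8];
    size_t n = enumerate_one_at_a_time(0x0001, 0xFFFF, handles, 8);
    printf("buggy call refused: %d, one-at-a-time found %zu, batch found %zu\n",
           buggy_call_is_refused(), n, enumerate_batch(0x0001, 0xFFFF, handles, 8));
    return 0;
}
```

The invariant the wrapper enforces, `*count <= capacity`, is the whole bug: the original code satisfies it only once `count` is 1, because `&result` points at exactly one element.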

@atanisoft
Collaborator

@mwild1 definitely looks like a possible solution, feel free to submit a PR for this after testing.

@chegewara
Contributor

Yes, this seems to be that bug. I keep forgetting it is not fixed in arduino.

@arsab
Author

arsab commented Sep 2, 2019

I assume we can now close this one since the fix is now in the repository:
#3082
a12d609

@arsab arsab closed this as completed Sep 2, 2019