i2c_slave.c: fix buffer overrun on s_i2c_handle_complete() (IDFGH-13973) #14804

Closed

@danielcolchete danielcolchete commented Oct 30, 2024

Fixing a buffer overrun of i2c_slave->data_buf.

The i2c_ll_read_rxfifo function was using t->rcv_fifo_cnf (the I2C slave reading code's buffer size) as the limit for how many bytes to write to i2c_slave->data_buf.

This buffer size for i2c_slave->data_buf is generally smaller than the buffer that the I2C slave reading code has.

Description

Issue #14803 explains the problem, but TL;DR: the i2c_slave_receive() workflow causes memory corruption due to a buffer overrun. And then it generally gets to a "Core 0 panic'ed (StoreProhibited). Exception was unhandled." error at runtime.

Related

Fixes #14803

Documentation used for my own test case: https://docs.espressif.com/projects/esp-idf/en/v5.3.1/esp32/api-reference/peripherals/i2c.html

Testing

Tested locally on a couple of ESP32-DevKitC-V4 boards.

Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.
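
The overrun described in this PR, as an added example that is not code from the PR or from ESP-IDF: a simplified model in which a copy into a small staging buffer is bounded by the caller's larger buffer size, next to a variant bounded by the staging buffer's own capacity. The struct, sizes, function names and FIFO bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DATA_BUF_SIZE 8   /* assumed capacity of the driver's staging buffer */
#define GUARD_SIZE    24  /* models the memory that follows the staging buffer */
#define CANARY        0xA5

/* Hypothetical stand-in for the driver object, not ESP-IDF's real struct:
 * bytes [0, DATA_BUF_SIZE) play the role of data_buf, the rest is a guard. */
typedef struct { uint8_t mem[DATA_BUF_SIZE + GUARD_SIZE]; } model_slave_t;

/* Constructed RX FIFO contents (no byte equals CANARY). */
static const uint8_t rx_fifo[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };

/* Number of guard bytes overwritten, i.e. bytes written past data_buf. */
static size_t guard_damage(const model_slave_t *s) {
    size_t hit = 0;
    for (size_t i = DATA_BUF_SIZE; i < sizeof s->mem; i++)
        hit += (s->mem[i] != CANARY);
    return hit;
}

/* Flawed pattern: the caller's buffer size bounds the write into data_buf.
 * In this model user_len must not exceed sizeof rx_fifo. */
static size_t receive_unchecked(model_slave_t *s, uint8_t *user, size_t user_len) {
    memset(s->mem, CANARY, sizeof s->mem);
    memcpy(s->mem, rx_fifo, user_len);   /* user_len may exceed DATA_BUF_SIZE */
    memcpy(user, s->mem, user_len);
    return guard_damage(s);
}

/* Bounded pattern: every write into data_buf is clamped to its own capacity. */
static size_t receive_clamped(model_slave_t *s, uint8_t *user, size_t user_len) {
    memset(s->mem, CANARY, sizeof s->mem);
    for (size_t done = 0; done < user_len; ) {
        size_t n = user_len - done > DATA_BUF_SIZE ? DATA_BUF_SIZE : user_len - done;
        memcpy(s->mem, rx_fifo + done, n);
        memcpy(user + done, s->mem, n);
        done += n;
    }
    return guard_damage(s);
}

int main(void) {
    model_slave_t s; uint8_t user[sizeof rx_fifo];
    printf("unchecked: %zu guard bytes hit\n", receive_unchecked(&s, user, sizeof user));
    printf("clamped:   %zu guard bytes hit\n", receive_clamped(&s, user, sizeof user));
    return 0;
}
```

The guard region sits inside the same array as the modelled buffer, so the flawed variant shows the out-of-bounds write as a count of damaged bytes without invoking undefined behaviour in the example itself.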


github-actions bot commented Oct 30, 2024

Warnings
⚠️

Some issues found for the commit messages in this PR:

  • the commit message "i2c_slave.c: fix buffer overrun on s_i2c_handle_complete()":
    • body's lines must not be longer than 100 characters
    • summary looks empty
    • type/action looks empty

Please fix these commit messages - here are some basic tips:

  • follow Conventional Commits style
  • correct format of commit message should be: <type/action>(<scope/component>): <summary>, for example fix(esp32): Fixed startup timeout issue
  • allowed types are: change,ci,docs,feat,fix,refactor,remove,revert,test
  • sufficiently descriptive message summary should be between 20 to 72 characters and start with upper case letter
  • avoid Jira references in commit messages (unavailable/irrelevant for our customers)

TIP: Install pre-commit hooks and run this check when committing (uses the Conventional Precommit Linter).

Review and merge process you can expect:

We do welcome contributions in the form of bug reports, feature requests and pull requests via this public GitHub repository.

This GitHub project is a public mirror of our internal git repository.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved, we synchronize it into our internal git repository.
4. In the internal git repository we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
   - At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
5. If the change is approved and passes the tests it is merged into the default branch.
6. On the next sync from the internal git repository the merged change will appear in this public GitHub repository.

Generated by 🚫 dangerJS against 4157a58

@github-actions bot changed the title from "i2c_slave.c: fix buffer overrun on s_i2c_handle_complete()" to "i2c_slave.c: fix buffer overrun on s_i2c_handle_complete() (IDFGH-13973)" on Oct 30, 2024
@espressif-bot espressif-bot added the Status: Opened Issue is new label Oct 30, 2024
mythbuster5 (Collaborator) commented

Thanks for the contribution. We notice that the API in i2c_slave.c has several issues and lacks ease of use. So we are coming with a new I2C slave driver in i2c_slave_v2.c (will be online on both master and v5.4). Meanwhile, we will slow down the maintenance of i2c_slave.c and focus on maintaining i2c_slave_v2.c. And i2c_slave.c will be removed in the next esp-idf update. I will close this contribution for this reason. Thank you again!

@espressif-bot added the "Status: Done" (Issue is done internally) and "Resolution: Won't Do" (This will not be worked on) labels and removed the "Status: Opened" (Issue is new) label on Nov 25, 2024
KaeLL (Contributor) commented Nov 25, 2024

@mythbuster5 how does "slow down the maintenance of i2c_slave.c" translate into not accepting memory corruption bugfixes?

Successfully merging this pull request may close these issues.

StoreProhibited exception when using i2c_slave_receive (IDFGH-13976)