List view
The issue is in the below snippet from the Chilipepper_ReadPacket function: numBytesReady = *chili_num_bytes_ready; if (numBytesReady == 0) return -1; // read the bytes and the CRC for (i1=0; i1 { XC_Read(chiliRxIface, chiliRxFromFifo->dout, &value); rxBuf[i1] = value; } At times, the value in chili_num_bytes_ready will be unexpectedly large, even if there is nothing transmitting. This is very dangerous because the function does not do any boundary checking on the rxBuf buffer, which was passed in by the caller. If the size of the buffer cannot accommodate the garbage data, it can lead to a blown stack. We "fixed" the problem by making our rxBuffer much larger. In my opinion the caller should pass in the size of the buffer as a function argument, and the for condition should take this parameter into account when filling rxBuf. The data the Chilipepper thinks it's reading in these instances does not appear to be noise; the data it fills the rxBuffer with is a repeating pattern of the values 252 and 0. The beginning of the pattern can be seen in this image from our wiki, under the "Variables" tab: https://bitbucket.org/repo/4gKgMo/images/3623777899-ChilipepperScreenshot.png. It may be something OTA, or it may be something more sinister lurking in the PL or the Chilipepper itself.
Overdue by 11 year(s)•Due by July 26, 2014