This repository was archived by the owner on Aug 2, 2021. It is now read-only.
This repository was archived by the owner on Aug 2, 2021. It is now read-only.
Probably stack corruption in AttitudeManager.c adjustVNOrientationMatrix.c #77
Description
It looks like there could be possible stack corruption in the adjustVNOrientationMatrix function within AttitudeManager.c. You can see we declare an array of 9 floats, and pass it onto the vectornav function
VN100_SPI_GetRefFrameRot .
void adjustVNOrientationMatrix(float* adjustment){
adjustment[0] = deg2rad(adjustment[0]);
adjustment[1] = deg2rad(adjustment[1]);
adjustment[2] = deg2rad(adjustment[2]);
float matrix[9];
VN100_SPI_GetRefFrameRot(0, (float*)&matrix);
...otherstuff...
}Inside this function however we see that its going to try to write 12 bytes onto the variable (look at for loop). This will cause a corruption of the stack. According to chris everytime the adjustVNOrientation matrix function is called, the picpilot crashes, so this would explain why.
VN100_SPI_Packet* VN100_SPI_GetRefFrameRot(unsigned char sensorID, float* refFrameRot){
unsigned long i;
/* Read register */
VN100_SPI_ReadRegister(sensorID, VN100_REG_RFR, 12);
/* Get reference frame rotation parameters */
for(i=0;i<12;i++){
refFrameRot[i] = VN_SPI_LastReceivedPacket.Data[i].Float;
}
/* Return pointer to SPI packet */
return &VN_SPI_LastReceivedPacket;
}