馃悰[BUG] - registry_get_plugged_type uses incorrect bounds-check for port index.
#623
Labels
bug
Something isn't working
Comments
|
This bug very likely applies to other device registry-related functions in apix.h, as well as some internal ones probably. To list a few:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
This is a fun one.
pros::c::registry_get_plugged_typesupposedly takes a zero-indexed smart port index and returns the assocaitedv5_device_e_t.6) if the provided port is out of range (docs claim the range is 0-20, which makes sense, given there are 21 smart ports and this argument is zero-indexed).-1to intentionally overflow the return value (v5_device_e_t -- which the compiler assumes is a unsigned 8-bit integer) to255(which is the value ofE_DEVICE_UNDEFINED).Okay, so when you pass an out of bounds port,
registry_get_plugged_typewill returnE_DEVICE_UNDEFINED(255 overflowed from -1) and seterrnotoENXIO, right? Nope! Specifically when requesting port 21's plugged type (a supposedly out-of-bounds port),pros::c::registry_get_plugged_typewill return12, which isE_DEVICE_ADI. Huh?registry_get_plugged_typebound-checks the port number againstVALIDATE_PORT_NO, which uses a max input value of22. This would work fine if the argument wasn't a zero-indexed port, but in this case it allows us to index intoregistry_typesone port index above the intended maximum. For some reason, this happens to be 12.V5_MAX_DEVICE_PORTSwhich has some internal V5 device access stuff after the regular smart port indexes, andvexDeviceGetStatushappens to storeINTERNAL_ADI_PORTat index 21 (which is the brain's "internal ADI expander").To Reproduce
Expected behavior
Screenshots
N/A
Desktop (please complete the following information):
Additional context
Tested on PROS 3.8.0
The text was updated successfully, but these errors were encountered: