mbed_controller / HTTPD

HTTPD bug fix which is caused by stack overflow.

Dependents:   mbed_controller_demo

Fork of HTTPD by Suga koubou

Original HTTPD implementation of Suga koubou is great but has some bug inside unfortunately. The most critical bug was accessing buffer with the index of out of range like following.

problematic code

char buf[256];

n = httpd->_state[id].client->receive(buf, sizeof(buf));
buf[n] =0;

With above code, it could set buf[256] = 0 when more that 255 data is received. Setting buf[256] causes some other area of memory is corrupted so that system can be predictive status since than.

bug fixed code

n = httpd->_state[id].client->receive(buf, sizeof(buf)-1);
buf[n] =0;

CBuffer.h@2:584ce0a1a76e, 2015-04-10 (annotated)

Committer:
hillkim7
Date:
Fri Apr 10 09:04:38 2015 +0000
Revision:
2:584ce0a1a76e
Parent:
0:d18dff347122 
Fix critical bug cause by accessing buffer with index of out of range.; Set reasonable stack size for server task.

Who changed what in which revision?

UserRevisionLine numberNew contents of line
okini3939 0:d18dff347122 1 /* Copyright (C) 2012 mbed.org, MIT License
okini3939 0:d18dff347122 2 *
okini3939 0:d18dff347122 3 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software
okini3939 0:d18dff347122 4 * and associated documentation files (the "Software"), to deal in the Software without restriction,
okini3939 0:d18dff347122 5 * including without limitation the rights to use, copy, modify, merge, publish, distribute,
okini3939 0:d18dff347122 6 * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
okini3939 0:d18dff347122 7 * furnished to do so, subject to the following conditions:
okini3939 0:d18dff347122 8 *
okini3939 0:d18dff347122 9 * The above copyright notice and this permission notice shall be included in all copies or
okini3939 0:d18dff347122 10 * substantial portions of the Software.
okini3939 0:d18dff347122 11 *
okini3939 0:d18dff347122 12 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
okini3939 0:d18dff347122 13 * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
okini3939 0:d18dff347122 14 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
okini3939 0:d18dff347122 15 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
okini3939 0:d18dff347122 16 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
okini3939 0:d18dff347122 17 */
okini3939 0:d18dff347122 18
okini3939 0:d18dff347122 19 #ifndef CIRCBUFFER_H_
okini3939 0:d18dff347122 20 #define CIRCBUFFER_H_
okini3939 0:d18dff347122 21
okini3939 0:d18dff347122 22 template <class T>
okini3939 0:d18dff347122 23 class CircBuffer {
okini3939 0:d18dff347122 24 public:
okini3939 0:d18dff347122 25 CircBuffer(int length) {
okini3939 0:d18dff347122 26 write = 0;
okini3939 0:d18dff347122 27 read = 0;
okini3939 0:d18dff347122 28 size = length + 1;
okini3939 0:d18dff347122 29 buf = (T *)malloc(size * sizeof(T));
okini3939 0:d18dff347122 30 };
okini3939 0:d18dff347122 31
okini3939 0:d18dff347122 32 bool isFull() {
okini3939 0:d18dff347122 33 return (((write + 1) % size) == read);
okini3939 0:d18dff347122 34 };
okini3939 0:d18dff347122 35
okini3939 0:d18dff347122 36 bool isEmpty() {
okini3939 0:d18dff347122 37 return (read == write);
okini3939 0:d18dff347122 38 };
okini3939 0:d18dff347122 39
okini3939 0:d18dff347122 40 void queue(T k) {
okini3939 0:d18dff347122 41 if (isFull()) {
okini3939 0:d18dff347122 42 read++;
okini3939 0:d18dff347122 43 read %= size;
okini3939 0:d18dff347122 44 }
okini3939 0:d18dff347122 45 buf[write++] = k;
okini3939 0:d18dff347122 46 write %= size;
okini3939 0:d18dff347122 47 }
okini3939 0:d18dff347122 48
okini3939 0:d18dff347122 49 void flush() {
okini3939 0:d18dff347122 50 read = 0;
okini3939 0:d18dff347122 51 write = 0;
okini3939 0:d18dff347122 52 }
okini3939 0:d18dff347122 53
okini3939 0:d18dff347122 54
okini3939 0:d18dff347122 55 uint32_t available() {
okini3939 0:d18dff347122 56 return (write >= read) ? write - read : size - read + write;
okini3939 0:d18dff347122 57 };
okini3939 0:d18dff347122 58
okini3939 0:d18dff347122 59 bool dequeue(T * c) {
okini3939 0:d18dff347122 60 bool empty = isEmpty();
okini3939 0:d18dff347122 61 if (!empty) {
okini3939 0:d18dff347122 62 *c = buf[read++];
okini3939 0:d18dff347122 63 read %= size;
okini3939 0:d18dff347122 64 }
okini3939 0:d18dff347122 65 return(!empty);
okini3939 0:d18dff347122 66 };
okini3939 0:d18dff347122 67
okini3939 0:d18dff347122 68 private:
okini3939 0:d18dff347122 69 volatile uint32_t write;
okini3939 0:d18dff347122 70 volatile uint32_t read;
okini3939 0:d18dff347122 71 uint32_t size;
okini3939 0:d18dff347122 72 T * buf;
okini3939 0:d18dff347122 73 };
okini3939 0:d18dff347122 74
okini3939 0:d18dff347122 75 #endif