Version: 3.3.0
Platform(s) affected: ARMv7 Processor rev 5 (v7l) (RaspberryPI model 2), rev 3 (Odroid XU4)
Operating systems: Linux 4.1.13-v7+ (pi), 3.10.82-39 (odroid)
Compiler: gcc version 4.6.3 (pi), gcc version 4.9.2 (odroid)
File: programming/remoteApi/extApi.c
Function/method: simxFloat _readPureDataFloat()
Line(s): 1112
Problem: On the client side, unmarshalling of a floating point number from the char buffer received from the V-REP server, where an offset from the beginning of that buffer is cast to a simxFloat and then dereferenced, can cause a BUS ERROR (crash/core dump) when that memory reference is not aligned properly.
Offered solution: Explicitly copy the necessary bytes from the char buffer into a properly aligned memory location and then continue with the remaining client side conversion.
Offered patch:
--- ./V-REP_PRO_EDU_V3_3_0_64_Linux/programming/remoteApi/extApi.c 2016-02-19 20:09:13.000000000 +0000
+++ ./vrep/programming/remoteApi/extApi.c 2016-04-27 12:20:58.120018564 +0000
@@ -1109,7 +1109,16 @@
stringCnt--;
}
additionalOffset+=byteOffset;
+#if 1
+ /*
+ * works on ARM and X86* arch. On ARM, the alternative causes a BUS ERROR
+ * due to alignment error for float.
+ */
+ memcpy (&retVal, commandPointer+SIMX_SUBHEADER_SIZE+additionalOffset, sizeof(simxFloat));
+ retVal=extApi_endianConversionFloat(retVal);
+#else
retVal=extApi_endianConversionFloat(((simxFloat*)(commandPointer+SIMX_SUBHEADER_SIZE+additionalOffset))[0]);
+#endif
}
return(retVal);
}
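Review bot: The `#if 1` / `#else` / `#endif` wrapper around the new `memcpy` path keeps the old cast-and-dereference line as dead code. Dereferencing a misaligned `simxFloat*` is undefined behaviour in C on every architecture, not only ARM, so I would drop the preprocessor block and the old line and keep just the two added statements. The comment could then simply say that the float is copied out because the offset into the char buffer is not guaranteed to be aligned. Please also confirm that extApi.c includes `<string.h>` for `memcpy`. Separately, neither the old nor the new line shows a check that `SIMX_SUBHEADER_SIZE+additionalOffset+sizeof(simxFloat)` stays inside the received buffer; if the caller does not already guarantee that, the check belongs next to this read.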