Fatal exception 29 when handling POST request #26

valkuc · 2016-07-15T14:54:46Z

If return HTTPD_CGI_DONE from cgi method that handle POST request until full request have been processed - Fatal exception 29 at address 4020aa80
Assembly dump:

static char ICACHE_FLASH_ATTR httpdHexNibble(int val) {
    val&=0xf;
    if (val<10) return '0'+val;
4020aa7a:   022637          blt a6, a3, 4020aa80 <httpdFlushSendBuffer+0x48>
4020aa7d:   30c352          addi    a5, a3, 48
        //Finish chunk with cr/lf
        httpdSend(conn, "\r\n", 2);
        //Calculate length of chunk
        len=((&conn->priv->sendBuff[conn->priv->sendBuffLen])-conn->priv->chunkHdr)-8;
        //Fix up chunk header to correct value
        conn->priv->chunkHdr[0]=httpdHexNibble(len>>12);
4020aa80:   004452          s8i a5, a4, 0
        conn->priv->chunkHdr[1]=httpdHexNibble(len>>8);
4020aa83:   7c38        l32i.n  a3, a12, 28
    conn->priv->sendBuffLen+=len;
    return 1;
}

To reproduce, just create a method that handle POST request and return HTTPD_CGI_DONE until request completed. Example:

int ICACHE_FLASH_ATTR cgi_test_fatal_exception(HttpdConnData *connData)
{
    return HTTPD_CGI_DONE;
}

The text was updated successfully, but these errors were encountered:

Caused by buffer overflow.

valkuc added a commit to valkuc/libesphttpd that referenced this issue Feb 16, 2017

Fix for Spritetm#26

693d0da

Caused by buffer overflow.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fatal exception 29 when handling POST request #26

Fatal exception 29 when handling POST request #26

valkuc commented Jul 15, 2016 •

edited

Loading

Fatal exception 29 when handling POST request #26

Fatal exception 29 when handling POST request #26

Comments

valkuc commented Jul 15, 2016 • edited Loading

valkuc commented Jul 15, 2016 •

edited

Loading