We're using a value off the wire before it has been validated. That value is used to limit indexing into a buffer, and that buffer isn't big enough to handle all possible "bad" values that index could take on. Note that "read" here returns int16_t....
the AP_CANManager::log_text() gets called from debug logging in
AP_DroneCAN. It is a method on a common AP_CANManager object which is
shared by multiple AP_DroneCAN threads.
if two threads call the debug log messages at the same time then we
can end up with _log_pos greater than LOG_BUFFER_SIZE (1024) and
overwrite past the end of the buffer
in the crash_dump we have for this case the next piece of memory was
hal.can[0], and the overwrite of the buffer had corrupted the
MessageRam_ structurre in the ChibiOS CAN interface code. That led to
a hardfault on receive of a CAN message
Note that this issue only happens if CAN_LOGLEVEL is set to greater
than zero, and the default is zero. So users can avoid the bug by
checking they have not changed CAN_LOGLEVEL.
Also, this is likely an issue that only happens on startup, as once
the two AP_DroneCAN threads are fully running they have the same
thread priority so can't pre-empt each other. During startup some
messages are sent from the main thread which has a different priority
to the AP_DroneCAN threads, and can thus trigger this issue
Update README.md: add bluetooth introduction to features
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about SERIAL8
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about RC
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: add description about "LED" pin
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about Loading Firmware
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about update firmware
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove defaults.parm and defined default params in hwdef file
Update README.md: fix description about osd
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove parameter define about serial4
Update README.md: add a section about BlueTooth
Update README.md: add bluetooth introduction to features
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about SERIAL8
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about RC
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: add description about "LED" pin
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about Loading Firmware
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: fix description about update firmware
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove defaults.parm and defined default params in hwdef file
Update README.md: fix description about osd
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove parameter define about serial4
Update README.md: add a section about BlueTooth
Update README.md: uses internal esc
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: introduction about RC input
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: introduction about PWM groups
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove defaults.parm and defined default params in hwdef file
Update README.md: uses internal esc
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: introduction about RC input
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
Update README.md: introduction about PWM groups
Co-authored-by: Henry Wurzburg <hwurzburg@yahoo.com>
remove defaults.parm and defined default params in hwdef file
Issue introduced in https://github.com/ArduPilot/ardupilot/pull/27370
and partially fixed in https://github.com/ArduPilot/ardupilot/pull/27762,
though evidently not properly tested.
Failing to track the maximum can result in dangerously low values being
calculated for `ATC_ACCEL_[RPY]_MAX` and the vehicle becoming unflyable.
Make the variable a reference so that the maximum value is preserved
between function calls.
if the user arms within 30s of startup then stop the re-init of the
sensors. This can give less accurate frequency as the sample rate may
not have settled yet, but it is better than doing init of the filters
while the vehicle may be flying
also fix a 32 bit millis wrap
this supports logging of all bxCAN and CANFD frames, which helps with
debugging tricky CAN support issues and for the development of new CAN
driver lua scripts
