
Re: [DebianGIS] gpstrans



Hi,

I finally got my hands on a Garmin 48 to test with.
(running self-compiled v0.40 on Sarge, ia32)


# get GPS identity
$ gpstrans-0.40 -p/dev/ttyS0 -i 2>/dev/null
Connected GPS [/dev/ttyS0] is: Garmin GPS 48 SOFTWARE - V4.60


# download waypoints
$ gpstrans-0.40 -p/dev/ttyS0 -dw --debug
[... (c) 1998-2005 ...]
CheckGPS: sending test packet
CheckGPS: sending test packet
getGPSVersion: sending product data request
Segmentation fault


(but every 6th or so time the program works and downloads the data)


(gdb) bt f
#0  0x400b103b in vsprintf () from /lib/libc.so.6
No symbol table info available.
#1  0x4009e98d in sprintf () from /lib/libc.so.6
No symbol table info available.
#2  0x0804e9db in getGPSVersion (string=0xbffff8e8) at getgpsinfo.c:344
        s = (
    BYTE *) 0x806ff22 "824 2128 4128 1143  126 4824 1131 1822 1138  143 2824  128 8136 1131  126 3824  128 5128 8133  125 2824 8133 3125 1125  125 2824 2128 4130 1143  125 3824 1133 3822 1136  143 2824 1131 1143 8128  125 3"...
        udata = 13362
        p = 0x807cff9 " 813362" <Address 0x807d000 out of bounds>
        tag = 56 '8'
        n = -78685
        temp = " - V\000øÿ¿Øn\001@\000\000\000\000t\213\a\000\\­\005@\210z\001@D}\001@x}\001@\fn\005@\210z\001@\004³\v@l$\005@\210z\001@Àè\027@ l\001@\\\000\000\000Øn\001@Pøÿ¿ l\001@Z\001\000\000Øn\001@`øÿ¿\006»\000@tp\001@x}\001@\001\000\000\000\000\000\000\000tp\001@x}\001@\001\000\000\000\000\000\000\000|,\005@\214¨\005\b\v\000\000\000\032\211\004\b\\­\005@Àè\027@@e\001@\224ùÿ¿\210øÿ¿Ð¼\000@\003\000\000\000Âøÿ¿p\214\021@Øn\001@u\214\021@\214á\004\b\006\000\000\000\001\000\000\000"...
        err = 0
        last = 6
        i = 8
        data = (BYTE *) 0x805cbc3 "\001"
#3  0x0804ed0d in getGPSInfo (refNum=0x40178320, type=3) at getgpsinfo.c:592
        total = -1644
        done = 0
        init = (BYTE *) 0x8056516 "debug"
        req = (BYTE *) 0x2d <Address 0x2d out of bounds>
        err = -16385
        rType = 0xbffff908 "8ùÿ¿É¦\004\b \203\027@\003"
        junk = -1073743468
        junk_str = 0x805b6e0 ""
#4  0x0804a6c9 in main (argc=0, argv=0xbffff9a4) at main.c:439
No locals.



As Frankie found in the coredump, the error happens during the sprintf()
call in the src/gps/getgpsinfo.c getGPSVersion() fn, line 342.

int getGPSVersion (char **string)
..
  BYTE *data=gGarminMessage+3;
...
  if (serialCharsAvail())
    {                   /* the device apparently implements
                           the protocol capability protocol */
      char *p;
      BYTE *s=data;
      BYTE tag;
      unsigned short udata;
      int n;
      getGPSMessage();
      n=data[-1];
      p=protocols=xmalloc(5*n/3+1);
      for ( ; n; n-=3)
        {
          tag=*s; udata=toshort(s+1);
          /* translate each protocol tag and data to the string used in the
             docs */
          sprintf(p, " %c%03d", tag, udata);
          s+=3; p+=5;
        }
      *p=0;
...



in particular:

  int n;
  getGPSMessage();
  n=data[-1];
  p=protocols=xmalloc(5*n/3+1);


n=data[-1]; seems to be bogus (for me gdb "bt full" reports n=-78685),
so xmalloc() allocates junk and it segfaults when sprintf() tries to
write something to that memory address?

if I try
...
  n=data[-1];
  printf("n=%d\n", n);
...
I get n=2 which sounds more reasonable, but still the segfault.

shrug.

let me know if you need more tests, I can act as a dumb (C) terminal.


If not, and we are out of time for Etch, I suggest replacing v0.40-2 in
sid with 0.39-3 from Sarge. It is slightly less featureful but it works
and is very well tested.


Note:
 [2006-12-05] gpstrans REMOVED from testing (Britney)



Hamish



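Editor's added example (this is not gpstrans code and not part of Hamish's message): the loop from getGPSVersion() quoted above, rewritten so the length byte is validated before anything is allocated or formatted, plus two small helpers that mirror the original "for ( ; n; n-=3)" termination test. The arithmetic the helpers make visible: that loop only stops when n lands exactly on 0, so a length of 2 (the value the printf above reports) never terminates, and 2 - 3*26229 = -78685 is precisely the n the backtrace shows, after 26229 iterations that each advance p by 5 bytes past a 4-byte xmalloc (5*2/3+1 in integer arithmetic). The packet layout (one length byte followed by tag, 16-bit little-endian value triples, as gpstrans's toshort() suggests) and the sample bytes are assumptions constructed for the demo, not a real capture.

```c
/* Added example, not gpstrans source. Assumes the Garmin protocol-capability
 * payload is: one length byte, then triples of (tag byte, 16-bit LE value).
 * The sample packet below is constructed, not captured from a device. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char BYTE;

/* 16-bit little-endian read (assumed equivalent of gpstrans's toshort()). */
static unsigned short le16(const BYTE *p)
{
    return (unsigned short)(p[0] | (p[1] << 8));
}

/* Mirror of the original termination test "for ( ; n; n -= 3)".
 * Returns how many iterations run before n is exactly 0, or -1 if n goes
 * negative (never reaches 0) or the cap 'limit' is hit first. */
long original_loop_iterations(int n, long limit)
{
    long iters = 0;
    while (n != 0) {
        if (n < 0 || iters >= limit)
            return -1;
        n -= 3;
        iters++;
    }
    return iters;
}

/* Number of "n -= 3" steps that take n from 'start' to 'observed';
 * -1 if 'observed' is not reachable that way. */
long steps_between(int start, int observed)
{
    long diff = (long)start - observed;
    if (diff < 0 || diff % 3 != 0)
        return -1;
    return diff / 3;
}

/* Hardened formatter: builds the " Pnnn Lnnn ..." string into an exactly
 * sized buffer. Returns NULL (instead of overflowing) when the length is not
 * a multiple of 3 or a value would not fit the 3-digit field. Caller frees. */
char *format_protocols(const BYTE *data, int n)
{
    if (n < 0 || n % 3 != 0)
        return NULL;
    int count = n / 3;
    for (int i = 0; i < count; i++)
        if (le16(data + 3 * i + 1) > 999)
            return NULL;

    size_t len = (size_t)count * 5;          /* 5 chars per protocol */
    char *protocols = malloc(len + 1);
    if (!protocols)
        return NULL;

    char *p = protocols;
    for (int i = 0; i < count; i++, p += 5)
        snprintf(p, 6, " %c%03d", data[3 * i], le16(data + 3 * i + 1));
    *p = '\0';
    return protocols;
}

/* Constructed sample payload: length byte 12, then four (tag, value) triples. */
static const BYTE sample_packet[] = {
    12,
    'P', 0x00, 0x00,
    'L', 0x01, 0x00,
    'A', 0x0A, 0x00,
    'D', 0x6C, 0x00,
};

/* Same access pattern as getGPSVersion(): data points one past the length
 * byte, so data[-1] is the length. */
char *parse_capabilities(const BYTE *packet)
{
    const BYTE *data = packet + 1;
    return format_protocols(data, data[-1]);
}

int main(void)
{
    char *s = parse_capabilities(sample_packet);
    printf("protocols:%s\n", s ? s : " (malformed)");
    free(s);
    printf("iterations for n=2: %ld (never terminates)\n",
           original_loop_iterations(2, 1000000));
    printf("steps from n=2 to n=-78685: %ld\n", steps_between(2, -78685));
    return 0;
}
```

The fixed loop bounds the iteration by count rather than by n reaching zero, sizes the buffer from that count, and uses snprintf with the exact remaining room, so a bad length byte yields an error return instead of a heap write that only surfaces later inside sprintf().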